Secret leaks often occur when a sensitive piece of authentication data is stored with the source code of an application. Because source
code is intended to be deployed across multiple assets, such as source code repositories or application hosting servers, any secret stored
with it might be exposed to an unintended audience.
Why is this an issue?
In most cases, trust boundaries are violated when a secret is exposed in a source code repository or an uncontrolled deployment environment.
People who have no need to know the secret might gain access to it, and might then use it to obtain unwanted access to the associated
services or resources.
How severe this trust issue is depends on the role and entitlements of the people who obtain the secret.
What is the potential impact?
GitLab tokens are used for authentication and authorization purposes. They are essentially access credentials that allow users or applications to
interact with the GitLab API.
With a GitLab token, you can perform various operations such as creating, reading, updating, and deleting resources like repositories, issues,
merge requests, and more. Tokens can also be scoped to limit the permissions and actions that can be performed.
A leaked GitLab token can have significant consequences for the security and integrity of the associated account and resources. It exposes the
account to unauthorized access, potentially leading to data breaches and malicious actions. The unintended audience can exploit the leaked token to
gain unauthorized entry into the GitLab account, allowing them to view, modify, or delete repositories, issues, and other resources. This unauthorized
access can result in the exposure of sensitive data, such as proprietary code, customer information, or confidential documents, leading to potential
data breaches.
Moreover, the unintended audience can perform malicious actions within the account, introducing vulnerabilities, injecting malicious code, or
tampering with settings. This can compromise the security of the account and the integrity of the software development process.
Additionally, a leaked token can enable the unintended audience to take control of the GitLab account, potentially changing passwords, modifying
settings, and adding or removing collaborators. This account takeover can disrupt development and collaboration workflows, causing reputational damage
and operational disruptions.
Furthermore, the impact of a leaked token extends beyond the immediate account compromise. It can have regulatory and compliance implications,
requiring organizations to report the breach, notify affected parties, and potentially face legal and financial consequences.
More generally, a compromised GitLab token can be used to tamper with source code that other parties depend on, leading to what is referred
to as a supply chain attack, whose consequences can affect more than one’s own organization.
How to fix it
Revoke the secret
Revoke any leaked secrets and remove them from the application source code.
Before revoking the secret, ensure that no other applications or processes are using it. Other usages of the secret will also be impacted when the
secret is revoked.
Analyze recent secret use
When available, analyze authentication logs to identify any unintended or malicious use of the secret since its disclosure date. This makes
it possible to determine whether an attacker took advantage of the leaked secret and to what extent.
This operation should be part of a global incident response process.
Use a secret vault
A secret vault should be used to generate and store the new secret. This will ensure the secret’s security and prevent any further unexpected
disclosure.
Depending on the development platform and the leaked secret type, multiple solutions are currently available.
Code examples
Noncompliant code example
props.set("token", "glpat-zcs1FfaxGnHfvzd7ExHz")
Compliant solution
props.set("token", System.getenv("TOKEN"))
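As an added example that is not part of the rule page, the following Python script flags hardcoded GitLab personal access tokens in source lines so they can be revoked before they ship; it assumes the token format "glpat-" followed by 20 token characters, matching the noncompliant example above, and the sample source it scans is constructed.

```python
import re

# Assumed format, matching the noncompliant example above: "glpat-" followed by 20 token characters.
GITLAB_PAT = re.compile(r"\bglpat-[A-Za-z0-9_-]{20}\b")


def redact(token: str) -> str:
    """Keep the prefix and the last four characters so a finding can be matched
    to the real token during revocation without re-exposing it in the report."""
    return token[:6] + "*" * (len(token) - 10) + token[-4:]


def scan_lines(lines):
    """Return (line_number, redacted_token) for every line that embeds a GitLab token literal.
    Lines that read the token from the environment contain no literal and produce no finding."""
    findings = []
    for lineno, line in enumerate(lines, start=1):
        for match in GITLAB_PAT.finditer(line):
            findings.append((lineno, redact(match.group(0))))
    return findings


# Constructed sample source, not taken from any real project.
SAMPLE_SOURCE = """\
props.set("token", "glpat-zcs1FfaxGnHfvzd7ExHz")
props.set("token", System.getenv("TOKEN"))
# TODO remove before commit: GITLAB_TOKEN=glpat-AAAAAAAAAAAAAAAAAAAA
url = "https://gitlab.example/api/v4/projects"
"""

if __name__ == "__main__":
    for lineno, token in scan_lines(SAMPLE_SOURCE.splitlines()):
        print(f"line {lineno}: hardcoded GitLab token {token}")
```

Run it as a pre-commit hook over staged files to catch a token before it reaches a repository; a hit means the token must be revoked, not merely deleted from the file.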
Resources
Standards