Possible Database Details stored in values.yaml
Medium
Vulnerability Details
The database details like username and database name are disclosed in the below mentioned file. Assuming a blank password since the password field was empty.
File Location : https://github.com/Sifchain/sifnode/blob/740331dad061ee0f5a3cf3798d429f294b70f0ae/deploy/helm/block-explorer/values.yaml
I have attached screenshot in this report.
## Impact
An attacker can use this vulnerability to access the database once he is on the internal system.
Actions
View on HackerOneReport Stats
- Report ID: 1199803
- State: Closed
- Substate: duplicate
- Upvotes: 2