# AWS Credentials Disclosure at ███
Severity: Medium
## Vulnerability Details
Hi team!!
I found the config.json file, which contains sensitive AWS information.
POC:
https://███████/config.json
```json
{
  "aws": {
    "accessKeyID": "███████",
    "secretAccessKey": "██████████",
    "region": "███",
    "bucket": "██████",
    "endpoint": "https://s3.amazonaws.com"
  },
  "serverSettings": {
    "port": 443,
    "timeout": 18000000
  },
  "█████████": {
    "authorizationURL": "https://████/ms_oauth/oauth2/endpoints/oauthservice/authorize",
    "tokenURL": "https://████/ms_oauth/oauth2/endpoints/oauthservice/tokens",
    "clientID": "██████████",
    "clientSecret": "█████",
    "callbackURL": "https://████████/callback",
    "userProfileURL": "https://███/ms_oauth/resources/userprofile/me"
  }
}
```
## Impact
An attacker who uses the leaked AWS credentials, or abuses credentials whose permissions are misconfigured, could read sensitive information in the AWS account or make arbitrary modifications to its resources.
## System Host(s)
█████████
## Affected Product(s) and Version(s)
## CVE Numbers
## Steps to Reproduce
1. Use a browser to navigate to: https://██████/config.json
## Suggested Mitigation/Remediation Actions
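A pre-deploy check that would have caught a file like the config.json above before it reached a public web root, as an added example that is not part of the report or the affected product: it walks a JSON document, flags keys whose names denote credentials (accessKeyID, secretAccessKey, clientSecret), flags values shaped like AWS access key IDs, and skips URL-typed keys such as tokenURL so that they do not produce false positives. The sample config and all key material in it are constructed (the AWS values are the placeholder pair from AWS documentation, not real keys); file path handling is an assumption about how the check would be wired into a deploy pipeline.

```python
"""Pre-deploy check for secrets in static config files (added example)."""
import json
import re
import sys

# Key names that should never appear in a publicly served config.
# Matching is case-insensitive and substring-based, so "secretAccessKey",
# "clientSecret" and "accessKeyID" are all caught.
SENSITIVE_KEY_PATTERNS = [
    re.compile(p, re.IGNORECASE)
    for p in (r"secret", r"accesskey", r"password", r"passwd",
              r"token", r"private_?key", r"api_?key")
]

# Keys ending in these suffixes hold locations, not secrets (e.g. "tokenURL"),
# so the key-name check is not applied to them.
URL_LIKE_SUFFIXES = ("url", "endpoint")

# Long-term AWS access key IDs start with AKIA, temporary ones with ASIA,
# followed by 16 uppercase alphanumerics (20 characters in total).
AWS_KEY_ID_RE = re.compile(r"\b(AKIA|ASIA)[A-Z0-9]{16}\b")


def walk(node, path=""):
    """Yield (dotted_path, key, value) for every leaf of a parsed JSON document."""
    if isinstance(node, dict):
        for k, v in node.items():
            yield from walk(v, f"{path}.{k}" if path else k)
    elif isinstance(node, list):
        for i, v in enumerate(node):
            yield from walk(v, f"{path}[{i}]")
    else:
        yield path, path.rsplit(".", 1)[-1], node


def find_leaks(config):
    """Return a list of (path, reason) findings for a parsed JSON config."""
    findings = []
    for path, key, value in walk(config):
        key_is_credential = (
            any(p.search(key) for p in SENSITIVE_KEY_PATTERNS)
            and not key.lower().endswith(URL_LIKE_SUFFIXES)
        )
        if key_is_credential:
            findings.append((path, f"key name '{key}' denotes a credential"))
        if isinstance(value, str) and AWS_KEY_ID_RE.search(value):
            findings.append((path, "value has the shape of an AWS access key ID"))
    return findings


# Constructed sample mirroring the layout of the leaked file; values are fake.
SAMPLE_CONFIG = json.loads("""
{
  "aws": {
    "accessKeyID": "AKIAIOSFODNN7EXAMPLE",
    "secretAccessKey": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
    "region": "us-east-1",
    "bucket": "example-bucket",
    "endpoint": "https://s3.amazonaws.com"
  },
  "serverSettings": {"port": 443, "timeout": 18000000},
  "oauth": {
    "authorizationURL": "https://idp.example/authorize",
    "tokenURL": "https://idp.example/tokens",
    "clientID": "example-client",
    "clientSecret": "example-client-secret",
    "callbackURL": "https://app.example/callback"
  }
}
""")


def check_path(filename):
    """Load a JSON file from disk and return its findings (assumed pipeline hook)."""
    with open(filename, encoding="utf-8") as fh:
        return find_leaks(json.load(fh))


if __name__ == "__main__":
    # With a file argument, scan that file; otherwise scan the constructed sample.
    # A non-zero exit code lets a deploy step refuse to publish the web root.
    results = check_path(sys.argv[1]) if len(sys.argv) > 1 else find_leaks(SAMPLE_CONFIG)
    for p, reason in results:
        print(f"{p}: {reason}")
    sys.exit(1 if results else 0)
```

Run against the sample, the check reports four findings (two on aws.accessKeyID, one each on aws.secretAccessKey and oauth.clientSecret) and exits non-zero; tokenURL and clientID are correctly left alone. A key-name match is a signal to review, not proof of a live secret, so the pipeline should fail closed and let a human confirm before publishing.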
## Report Stats
- Report ID: 1704035
- State: Closed
- Substate: resolved
- Upvotes: 11