The Same Secret Is Exposed in Multiple Locations
Description
Exposing the same secret across multiple locations increases the risk of unauthorized access. A breach in one location could compromise all instances, expanding the attack surface. Reducing duplication and enforcing unique, controlled storage is essential to limit vulnerabilities.

Detection triggers
The same exposed secret is detected across multiple locations. The exposure can be detected multiple times on the same page or code commit, or it can be detected across different applications.
Mitigation
Notify the secret owners about the exposure they created and request any possible justification.
Take the following steps to guarantee your organization\'s security:
-
Eliminate exposure points where feasible to minimize the potential attack surface.
-
If the exposure was unintentional, it is strongly advised to revoke the secret and generate a new one
JSON Example
Risk JSON
account: null
accountId: null
accountType: null
category: "EXPOSED_SECRET"
correlationGuid: null
creationDate: "2024-06-09T20:00:46.458Z"
customData: null
customerId: 34
data: [,…]
description: "This strongly suggests it might be excessively distributed and impose risk to your organization. \n To prevent a potential breach, this scattered secret should be revoked and recreated."
destination: "GITHUB_API_TOKEN"
guid: "RSK-4484"
hasComment: null
hasJiraTicket: null
hasSeen: false
hasSlackMessage: null
id: 9956
isArchived: false
key: "EXPOSURE-c57b6ec81133c2f9d7a373c425422c99dda48efdeca18b3ce6ec1aca1088a497"
linkedElements: ["EXP-3453", "EXP-3452", "EXP-3445", "EXP-3465", "EXP-3454"]
logChangeType: null
modifyDate: "2024-06-10T10:00:46.260Z"
name: "The same secret is exposed in multiple locations"
occurrences: []
owner: "Neil Horn"
ownerAiObject: {similarity: 1, ownerItemType: "fullname", elementItemType: "username",…}
ownerUid: "04f3c267-696f-46eb-855a-311758477d1d"
path: ""
ruleCode: "OVEREXPOSED"
scanId: 320939
severity: "HIGH"
source: "{\"exposedLocations\":[\"JIRA\",\"JIRA\",\"JIRA\",\"SLACK_CHANNEL\",\"JIRA\"],\"guids\":[\"EXP-3453\",\"EXP-3452\",\"EXP-3445\",\"EXP-3465\",\"EXP-3454\"]}"
status: "OPEN"
tags: ["Exposed"]
tasks: [{customerId: 34, riskId: 9956, type: "ELIMINATE_OVEREXPOSED", level: "MEDIUM",…}]
type: "EXPOSURE"
Linked Element (Exposed Secret) JSON, example of one location of the exposure
account: {environment: "QA_Saya", environmentType: "QA", accountType: "ATLASSIAN",…}
accountId: "liminalsecurity.atlassian.net"
accountType: "ATLASSIAN"
correlationGuid: null
customerId: 34
detectionTime: "2024-06-09T18:20:33.037Z"
exposedLocationType: "JIRA"
exposureOnExternalChat: false
exposureOnPublicGitRepo: null
exposurePath: "OCR Cap"
exposureUrl: "https://liminalsecurity.atlassian.net/browse/ES-4996?focusedCommentId=18518"
guid: "EXP-3453"
isAdmin: false
isArchived: true
isHidden: false
isNhi: null
keyFindingsJson: {url: "https://liminalsecurity.atlassian.net/browse/ES-4996?focusedCommentId=18518",…}
keyId: "ES-4996_c57b6ec81133c2f9d7a373c425422c99dda48efdeca18b3ce6ec1aca1088a497"
keyType: "JIRA_COMMENT"
lastModified: "2024-06-09T17:37:37.108Z"
liminalCreationDate: "2024-06-09T18:20:33.037Z"
liminalModifyDate: "2024-11-03T13:19:35.125Z"
linkedElements: []
location: "Entro Security"
ocr: null
origin: "GITHUB_API_TOKEN"
owner: "Neil Horn"
ownerAiObject: {similarity: 1, ownerItemType: "fullname", elementItemType: "username",…}
ownerUid: "0b86ca82-d36b-4b59-a1e4-dae715cfbe42"
scanId: 316077
secretSnippet: "github_pat"
severity: "CRITICAL"
status: "ENABLED"
tags: {tags: ["QA_Saya"]}
uid: "a08bd802-9d3f-4b5a-90fe-6f365a5a7507"
vendorHash: null