Security Test: AppVeyor Config Exposure
Description
Default Severity:
This vulnerability occurs when a project's AppVeyor configuration file is publicly accessible, exposing settings and secrets such as tokens, keys, or other sensitive data. An attacker who can read the file gains insight into the infrastructure and can misuse the exposed information, leading to unauthorized access or system compromise. The usual causes are failing to restrict access to the file and embedding sensitive data directly in it, both of which increase the risk of accidental leaks and cyberattacks.
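The check below is an added example, not part of this scanner's documentation or code: it audits an `appveyor.yml` for secret-looking keys that carry an inline plaintext value instead of AppVeyor's encrypted `secure:` form. The key-name heuristic, the function name and the sample file are assumptions constructed for illustration.

```python
import re

# Key names that usually hold credentials (a heuristic assumed for this example).
SECRET_NAME = re.compile(r"(token|secret|passw|pwd|api[_-]?key|credential)", re.I)
# Matches "key: value" lines, including list items such as "- key: value".
KEY_VALUE = re.compile(r"^\s*(?:-\s*)?([A-Za-z_][\w.-]*)\s*:\s*(.*)$")


def find_plaintext_secrets(yaml_text):
    """Return (line_number, key) for secret-looking keys with an inline plaintext value."""
    findings = []
    for number, line in enumerate(yaml_text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue  # whole-line comment
        match = KEY_VALUE.match(line)
        if not match:
            continue
        key, value = match.group(1), match.group(2)
        # Drop a trailing comment and surrounding quotes before judging the value.
        value = re.sub(r"\s+#.*$", "", value).strip().strip("'\"")
        if not SECRET_NAME.search(key):
            continue
        if not value:
            continue  # nested mapping, e.g. the encrypted `secure:` form on the next line
        if value.startswith("{") and "secure:" in value:
            continue  # inline {secure: ...} mapping, already encrypted
        findings.append((number, key))
    return findings


# Constructed sample: one plaintext key and two values stored with `secure:`.
SAMPLE = """\
version: 1.0.{build}
environment:
  NUGET_API_KEY: constructed-plaintext-value-0000
  DEPLOY_TOKEN:
    secure: CONSTRUCTED_ENCRYPTED_VALUE
  BUILD_CONFIG: Release
deploy:
  - provider: NuGet
    api_key:
      secure: CONSTRUCTED_ENCRYPTED_VALUE
"""

if __name__ == "__main__":
    for number, key in find_plaintext_secrets(SAMPLE):
        print(f"line {number}: {key} is stored in plaintext; use a secure: value")
```

A clean result only means no secret-named key holds an inline value; the file should still not be served from a public web root.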
Configuration
Identifier:
information_disclosure/appveyor_config_exposure
Examples
All configuration available:
Compliance and Standards
Standard | Value |
---|---|
OWASP API Top 10 | API8:2023 |
OWASP LLM Top 10 | LLM06:2023 |
PCI DSS | 6.1 |
GDPR | Article-32 |
SOC2 | CC6 |
PSD2 | Article-95 |
ISO 27001 | A.12.6 |
NIST | SP800-123 |
FedRAMP | AC-22 |
CWE | 200 |
CVSS Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
CVSS Score | 3.0 |