Disclosure: Financial Application

Our team occasionally scans APIs for various customer and research purposes, or in connection with a specific request. As we do this, we sometimes find vulnerabilities from third-party organizations. This article is part of an ongoing series of posts following some API vulnerabilities FireTail researchers have uncovered in the process…

Viktor Markopoulous discovered that an API belonging to a financial application was leaking its GitHub repository, which contains the API's source code. The repository exposes not only the API's source code but also the JWT signing key and the application's database credentials.

Using the data leaked via GitHub, unauthorized users could therefore gain access to sensitive information through the API.

To date, the vulnerability has not been fixed.