Exposed Database Connection String
Severity: Low
Discovered: 18 of November-2025, 12:30 PM UTC
CWE ID
CWE-89
CVSS
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
A database connection string was found in the source code. This could allow an attacker to connect to the database and read or modify the data.
Possible exposure
Leakage of Sensitive Data.
Remediation suggestions
Ensure that any sensitive dynamic information, such as database connection strings, is not saved in source files or reflected in the client-side code. Instead, use environment variables or secure storage mechanisms.
Request
GET http://docker:3000/api/config HTTP/1.1
Cookie: bc-calls-counter=1763469002624; connect.sid=JbGM1ZNqDQ_jmKFiNm_AKNj4E7PizgkD.98WzbHrvAxO2XXgVS7Cyy2rEUNSuWrJ9ACVOnUr5HYc
Connection: close
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/139.0.7258.154 Safari/537.36
Response
HTTP/1.1 200
date: Tue, 18 Nov 2025 12:30:02 GMT
Connection: close
Set-Cookie: bc-calls-counter=1763469002624; domain=docker; path=/
content-type: application/json; charset=utf-8
Cache-Control: public, max-age=99999
content-length: 156
x-xss-protection: 0
x-content-type-options: 1
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval'
strict-transport-security: max-age=0
{"awsBucket":"https://neuralegion-open-bucket.s3.amazonaws.com","sql":"postgres://bc:bc@db:5432/bc ","googlemaps":"AIzaSyD2wIxpYCuNI0Zjt8kChs2hLTS5abVQfRQ"}
External links