cyberniraj commented on PR #6554: URL: https://github.com/apache/druid/pull/6554#issuecomment-4759387715
Hi Team,

Hardcoded AWS credentials (Access Key ID and Secret Access Key) were identified in the public repository. The credentials appear to be embedded directly in the code/configuration and are not protected or restricted within the repository.

## Steps to Reproduce:

1. Clone the repository:

       git clone https://github.com/lyft/druid.git && cd druid

2. Search the repository for potential AWS credential keywords:

       grep -R "accessKey" -n .
       grep -R "secretKey" -n .

## Impact

If the exposed AWS credentials are active and associated with this IAM user, an attacker could authenticate to the AWS environment and perform actions based on the attached IAM permissions. Depending on the privilege level of the user, potential impact may include:

- Unauthorized access to AWS services and resources
- Uploading or modifying files in services such as S3
- Triggering billable operations (e.g., storage uploads, compute usage, API calls), leading to financial impact
- Disruption of production or testing environments
- Access to internal application data or infrastructure configurations

--
This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.
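An added example, not part of the original comment or of the Druid code base: a keyword grep like the one in the report also hits placeholders and variable references, so this sketch matches on the shape of the values instead and redacts what it reports. The function names, the placeholder markers and the sample lines are assumptions constructed for illustration; the secret-key pattern is a heuristic, not an AWS-defined format.

```python
import re
from pathlib import Path

# AWS access key IDs: "AKIA" (long-term) or "ASIA" (temporary) plus 16 characters.
KEY_ID_RE = re.compile(r"\b(?:AKIA|ASIA)[A-Z0-9]{16}\b")
# Heuristic: a 40-character value assigned to a name such as secretKey.
SECRET_RE = re.compile(
    r"(?i)secret[_-]?(?:access[_-]?)?key\W{1,6}([A-Za-z0-9/+]{40})(?![A-Za-z0-9/+])")
# Assumed markers of documentation placeholders; tune for your repository.
PLACEHOLDER_MARKERS = ("EXAMPLE", "XXXX", "YOUR_")

def redact(value):
    """Keep only the first four characters so reports never re-leak the secret."""
    return value[:4] + "*" * (len(value) - 4)

def scan_text(text, source="<memory>"):
    """Return (source, line number, kind, redacted value) for each finding."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for kind, rx, group in (("access_key_id", KEY_ID_RE, 0),
                                ("secret_access_key", SECRET_RE, 1)):
            for m in rx.finditer(line):
                value = m.group(group)
                if any(p in value.upper() for p in PLACEHOLDER_MARKERS):
                    continue  # documentation sample, not a live credential
                findings.append((source, lineno, kind, redact(value)))
    return findings

def scan_tree(root):
    """Scan every regular file under root, skipping the .git directory."""
    findings = []
    for path in Path(root).rglob("*"):
        if path.is_file() and ".git" not in path.parts:
            try:
                findings.extend(scan_text(path.read_text(errors="ignore"), str(path)))
            except OSError:
                continue
    return findings

# Constructed sample input: fake values, a documentation placeholder, a variable.
SAMPLE = """accessKey=AKIAABCDEFGHIJKLMNOP
secretKey=abcdEFGH1234abcdEFGH1234abcdEFGH1234abcd
accessKey=AKIAIOSFODNN7EXAMPLE
accessKey=${AWS_ACCESS_KEY_ID}
"""

if __name__ == "__main__":
    for finding in scan_text(SAMPLE):
        print(finding)
```

A hit only shows that a value has the right shape; whether the key is active has to be checked by its owner, and any confirmed key should be rotated rather than just deleted from the file, since it remains in the Git history.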
