CVE-2023-49113

Severity CVSS v4.0: Pending analysis
Type: CWE-312 Cleartext Storage of Sensitive Information
Publication date: 20/06/2024
Last modified: 04/11/2025

Description

The Kiuwan Local Analyzer (KLA) Java scanning application contains several hard-coded secrets in plain text format. In some cases, this can potentially compromise the confidentiality of the scan results. Several credentials were found in the JAR files of the Kiuwan Local Analyzer.

The JAR file "lib.engine/insight/optimyth-insight.jar" contains the file "InsightServicesConfig.properties", which has the configuration tokens "insight.github.user" as well as "insight.github.password" prefilled with credentials. At least the specified username corresponds to a valid GitHub account. The JAR file "lib.engine/insight/optimyth-insight.jar" also contains the file "es/als/security/Encryptor.properties", in which the key used for encrypting the results of any performed scan is stored.

This issue affects Kiuwan SAST:
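
Added example, not part of the advisory or of Kiuwan's code: a pre-release check that opens a JAR and reports `.properties` entries whose key name looks like a secret and whose value is prefilled, which is the CWE-312 pattern described above. The key-name pattern, the `encryption.key` entry and all values in the sample JAR are assumptions constructed for illustration; only the file names and the `insight.github.*` keys come from the description.

```python
import io
import re
import zipfile

# Assumption: key names that suggest a secret; tune this for your own code base.
SECRET_KEY_RE = re.compile(r"(password|passwd|secret|token|api[._-]?key|(^|[._-])key$)", re.I)

def parse_properties(text):
    """Minimal .properties parser: key=value or key:value, skipping comments and blanks."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        m = re.match(r"([^=:\s]+)\s*[=:\s]\s*(.*)", line)
        if m:
            entries[m.group(1)] = m.group(2).strip()
    return entries

def scan_jar(jar_bytes):
    """Return (member, key) pairs for secret-looking keys that carry a non-empty value.
    Values are deliberately left out so the report itself does not leak them."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        for name in jar.namelist():
            if not name.endswith(".properties"):
                continue
            text = jar.read(name).decode("latin-1")  # default .properties encoding
            for key, value in parse_properties(text).items():
                if value and SECRET_KEY_RE.search(key):
                    findings.append((name, key))
    return findings

def build_sample_jar():
    """Constructed sample input: file names follow the advisory, values are placeholders."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("InsightServicesConfig.properties",
                     "insight.github.user=example-user\n"
                     "insight.github.password=PLACEHOLDER\n"
                     "insight.timeout=30\n")
        jar.writestr("es/als/security/Encryptor.properties",
                     "# hypothetical key name; the advisory does not give it\n"
                     "encryption.key=PLACEHOLDER\n")
        jar.writestr("empty.properties", "db.password=\n")  # empty value: not flagged
    return buf.getvalue()

if __name__ == "__main__":
    for member, key in scan_jar(build_sample_jar()):
        print(f"{member}: {key} has a prefilled value")
```

A check like this fits in a build pipeline so that a shipped artifact with prefilled secrets fails the release; secrets should be supplied at runtime from a secret store or per-installation configuration instead.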