Shell Script Disclosure

Shell scripts for building and deploying applications are often left in public places, making them an easy target to discover. These scripts may contain sensitive information that attackers can use.

Impact

Attackers may obtain sensitive information, such as credentials, API keys, etc., about critical components.

Solution

Do not expose sensitive shell scripts which may contain credentials and software deployment procedures.