CWE-522 on ZAP /alerttags/cwe-522/ Recent content in CWE-522 on ZAP Hugo en-us Exposed Secrets in Swagger/OpenAPI Path /docs/alerts/100043-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/100043-2/ <p>Swagger UI endpoint exposes sensitive secrets such as client secrets, API keys, or OAuth tokens. These secrets may be accessible in the HTML source and should not be exposed publicly, as this can lead to compromise.</p> Vulnerable Swagger UI Version Detected /docs/alerts/100043-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/100043-1/ <p>This Swagger UI version is known to contain vulnerabilities. Exploitation may allow unauthorized access, XSS, or token theft.</p> <p>Affected versions:</p> <ul> <li>Swagger UI v2 &lt; 2.2.10</li> <li>Swagger UI v3 &lt; 3.24.3</li> </ul>