Context-Inappropriate Capability
Medium
- Confidence
- 98% confidence
- Finding
- The script reads arbitrary application YAML files to obtain live MySQL and Redis credentials, then connects to those services. This enables secret extraction and direct access to production-like data stores if an attacker or careless user supplies sensitive config paths, greatly increasing the chance of credential misuse and data exposure.
