Chat2db
Monthly
Insecure direct object reference in Chat2DB before 5.3.0 lets any authenticated non-admin user read the decrypted database credentials of datasources belonging to other users by enumerating IDs against GET /api/connection/datasource/{id}. Because the handler returns the plaintext password field and omits an ownership check, a single low-privileged account can harvest every other tenant's stored connection secrets. No public exploit has been identified at time of analysis, but exploitation is trivial and the EPSS/KEV signals were not supplied in the input.
Insecure direct object reference in Chat2DB before 5.3.0 lets any authenticated non-admin user read the decrypted database credentials of datasources belonging to other users by enumerating IDs against GET /api/connection/datasource/{id}. Because the handler returns the plaintext password field and omits an ownership check, a single low-privileged account can harvest every other tenant's stored connection secrets. No public exploit has been identified at time of analysis, but exploitation is trivial and the EPSS/KEV signals were not supplied in the input.