Description
In BlueWave Checkmate before 2.1, an authenticated regular user can access sensitive application secrets via the /api/v1/settings endpoint.
References (5)
Core 5
Core References
Issue Tracking
https://github.com/bluewave-labs/Checkmate/pull/2227
Scores
CVSS v3
5.0
EPSS
0.0028
EPSS Percentile
19.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-497
Status
published
Products (1)
BlueWave/Checkmate
< 2.1
Published
May 15, 2025
Tracked Since
Feb 18, 2026