2 matches found
CVE-2026-56229 Capgo - Cross-App Build Job Access via app_id/job_id Mismatch in /build/status and /build/logs
Capgo before 12.128.2 contains an authorization bypass vulnerability in the /build/status and /build/logs endpoints that allows attackers to access build jobs belonging to different applications by supplying a mismatched appid and jobid combination. Limited API keys restricted to a single app can...
CVE-2026-56229
Capgo before 12.128.2 has an authorization bypass in /build/status and /build/logs that lets an attacker access build jobs from other apps by mixing app_id and job_id. Limited API keys scoped to one app can read status/logs across apps by using an authorized app_id with a job_id from another app,...