Lucene search
K

4 matches found

Github Security Blog
Github Security Blog
added 2026/06/12 6:28 p.m.14 views

Budibase: Basic app users can exfiltrate stored REST datasource auth by rewriting datasource base URL

Summary Budibase stores external REST datasource credentials server-side and documents that database credentials are applied server-side and are not exposed in the UI. The REST datasource implementation redacts stored Basic/Bearer/OAuth2 auth secrets before returning datasource data to clients...

8.1CVSS5.7AI score0.00257EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/05/27 4:56 p.m.20 views

CVE-2026-48152

Budibase (open-source low-code) prior to 3.39.0 exposes a vulnerability where a Basic app user (mapped to WRITE permissions) can read an existing REST datasource, obtain redacted authConfigs, and update only the config.url. During update, mergeConfigs() restores the original secret when it detect...

8.1CVSS5.8AI score0.00257EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/27 4:56 p.m.15 views

CVE-2026-48152 Budibase: Basic app users can exfiltrate stored REST datasource auth by rewriting datasource base URL

Budibase is an open-source low-code platform. Prior to 3.39.0, the single-datasource GET and PUT routes are guarded by generic TABLE READ, not by Builder/Admin permission or datasource-specific ownership/resource checks. The built-in Basic app user role maps to the WRITE permission set, which...

8.1CVSS5.8AI score0.00257EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/05/05 7:16 p.m.10 views

gix-transport: HTTP credentials leaked to redirected host in curl backend

Summary The curl-based HTTP transport in gix-transport sends user credentials passwords, tokens to an attacker-controlled server after an HTTP redirect. When a server responds with a 302 redirect during the initial GET /info/refs, gitoxide records the redirected base URL and rewrites all subseque...

5.8AI score
Exploits0References2Affected Software1
Rows per page
Query Builder