2 matches found
CVE-2026-40600
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew allows authenticated users with access to one project to update or delete a SharePolicy record that belongs to a different project. The affect...
CVE-2026-40600
Chartbrew prior to 5.0.0 allowed cross-project modification of SharePolicy because policy_id was not verified against the target project. Authenticated users with access to one project could update/delete sharing rules (visibility, password requirements, allowed parameters, expiration). Patch rel...