2 matches found
CVE-2026-63307 Chat2DB < 5.3.0 Insecure Direct Object Reference via GET /api/connection/datasource
Chat2DB before 5.3.0 contains an insecure direct object reference vulnerability in the GET /api/connection/datasource/id endpoint. The handler calls dataSourceService.queryExistentid, ... without an ownership check and returns the decrypted password field, allowing any authenticated non-admin use...
CVE-2026-63307
CVE-2026-63307 affects Chat2DB prior to 5.3.0. The vulnerability is an insecure direct object reference in GET /api/connection/datasource/{id}. The handler calls dataSourceService.queryExistent(id, …) without an ownership check and returns the decrypted password field, enabling any authenticated ...