Information Disclosure
@saltcorn/cli is vulnerable to Information Disclosure. The vulnerability exists because it does not properly restrict unsafe plugins in subdomain tenants, which allows an admin authenticated attacker to install an unsafe plugin gain access to sensitive information from other tenants...