passbolt/passbolt_api is vulnerable to Information Disclosure. The vulnerability is due to the exposure of session cookies through the /auth/verify.json
endpoint, which returns cookies in the response similar to the TRACE HTTP method, potentially allowing an attacker to hijack a user session if they exploit an XSS vulnerability.