Information Disclosure
Discription
github.com/authzed/spicedb is vulnerable to Information Disclosure. The vulnerability exists in the `MetricsHandler` function in `defaults.go` because it exposes the `–grpc-preshared-key` flag in the `spicedb serve` command which allows an attacker to gain access to the secret key and preform unauthorized actions.Read More
References
Back to Main