GHSA-q3v2-xj35-9grx: Umbraco.AI discloses sensitive application configuration values
Under certain configurations, a user with elevated privileges may be able to cause sensitive application configuration values, potentially including secret material such as credentials, to be disclosed. Successful exploitation could expose confidential information and, depending on what the affected installation stores in configuration, enable further compromise. Exploitation requires access to the AI section of the backoffice and a specific custom AI provider, which limits real-world exposure.
References
Code Behaviors & Features
Detect and mitigate GHSA-q3v2-xj35-9grx with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →