Lagoon API doesn't always check that a user has permission to view project private key

Moderate
tobybellwood published GHSA-crwh-7mmw-pv2q May 10, 2022

Package

Lagoon API (Lagoon)

Affected versions

<= v2.4.0

Patched versions

v2.4.0

Description

Impact

A user who has access to a project may be able to view that project's private key via some API queries, even if they do not have the owner role for that project.

Users that do not have any access to a project are still not able to view project private keys.
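
The class of bug described above, shown as an added illustration that is not Lagoon's code: one query path applies the owner-only rule to the key while another only checks project access, and the fix routes every path through a single field-level check. All function names, the `memberships` map and the project data are hypothetical and constructed for this example.

```javascript
// Hypothetical model constructed for illustration; not Lagoon's schema or code.
const projects = [
  { id: 1, name: "demo-site", privateKey: "CONSTRUCTED-PLACEHOLDER-KEY" },
];
// user -> projectId -> role (constructed sample data)
const memberships = { alice: { 1: "owner" }, bob: { 1: "developer" } };

function roleOn(user, projectId) {
  return (memberships[user] || {})[projectId] || null;
}

// BEFORE: every query path repeats its own checks. This one gates the key...
function projectByIdBefore(user, id) {
  const p = projects.find((x) => x.id === id);
  const role = p && roleOn(user, p.id);
  if (!role) throw new Error("unauthorized");
  const { privateKey, ...rest } = p;
  return role === "owner" ? { ...p } : rest;
}

// ...but this one only checks project access, so any member receives the key.
function projectByNameBefore(user, name) {
  const p = projects.find((x) => x.name === name);
  if (!p || !roleOn(user, p.id)) throw new Error("unauthorized");
  return { ...p };
}

// AFTER: one function decides what a user may see of a project, and the
// private key is only attached for the owner role. The default is to omit it.
function viewProject(user, p) {
  const role = p && roleOn(user, p.id);
  if (!role) throw new Error("unauthorized");
  const { privateKey, ...rest } = p;
  return role === "owner" ? { ...rest, privateKey } : rest;
}

// Every query path returns through viewProject, so none can skip the rule.
const projectById = (user, id) =>
  viewProject(user, projects.find((x) => x.id === id));
const projectByName = (user, name) =>
  viewProject(user, projects.find((x) => x.name === name));
```

A regression test for this kind of fix should request the sensitive field through every query that can return a project, once per role, instead of testing only the primary lookup.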

For more information

If you have any questions or comments about this advisory:

Severity

Moderate

CVE ID

No known CVE

Credits