GHSA-3hfj-qcvj-4hx8: Leantime has Missing Authorization Check for Host Parameter

February 21, 2025

By exploiting this vulnerability an attacker can able to view profile information (but not anything else or change anything)

References

github.com/Leantime/leantime
github.com/Leantime/leantime/security/advisories/GHSA-3hfj-qcvj-4hx8
github.com/advisories/GHSA-3hfj-qcvj-4hx8

Code Behaviors & Features

Detect and mitigate GHSA-3hfj-qcvj-4hx8 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →