HackerOne Disclosed Reports - 2026-01-02

Low
resolved

The role "CI-driven scan initiator" provides excessive read access


Bug reported by Osama Hamad was disclosed on January 2, 2026, 9:32 am | Privilege Escalation

The reporter noticed that all authenticated users were able to access certain non-sensitive information such as metadata about third-party integrations. This was found to be by design, and the documentation was updated to clarify the information available to all authenticated users.

