01-03-2026, 12:30 PM
Low
resolved
resolved
The role "CI-driven scan initiator" provides excessive read access
Bug reported by Osama Hamad was disclosed at January 2, 2026, 9:32 am | Privilege Escalation
The reporter noticed that all authenticated users were able to access certain non-sensitive information such as metadata about third-party integrations. This was found to be by design, and the documentation was updated to clarify the information available to all authenticated users.