GitHub / GitLab OAuth Secrets Leak

The missing authorization allows any authenticated user to fetch the details page for any GitHub / GitLab configuration on a coolify instance by only knowing the UUID of the model.
This exposes the "client id", "client secret" and "webhook secret"

PoC

https://your-own-coolify.instance/source/github/<UUID>
https://your-own-coolify.instance/source/gitlab/<UUID>

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub / GitLab OAuth Secrets Leak

Package

Affected versions

Patched versions

Description

PoC

Severity

CVE ID

Weaknesses

Credits