{ "affected": [ { "ranges": [ { "database_specific": { "versions": [ { "introduced": "0" }, { "fixed": "2.1" } ] }, "events": [ { "introduced": "0" }, { "fixed": "915a2b30b847e0e5ca94c54b6acba865876367b7" } ], "repo": "https://github.com/bluewave-labs/Checkmate", "type": "GIT" }, { "events": [ { "introduced": "0" }, { "fixed": "36d78a9aa4ed607ca1bd2b5fdaca5a3927b2d287" }, { "fixed": "7a855ef47adf2265121c236097059c7c6555fd7c" }, { "fixed": "91c2f7f0d5106bdfd4a0ff2c14b7e44acc3baee6" } ], "repo": "https://github.com/bluewave-labs/checkmate", "type": "GIT" } ] } ], "aliases": [ "GHSA-jjmg-cjr4-439m" ], "details": "In BlueWave Checkmate before 2.1, an authenticated regular user can access sensitive application secrets via the /api/v1/settings endpoint.", "id": "CVE-2025-48024", "modified": "2026-04-01T23:08:49.509530839Z", "published": "2025-05-15T05:15:51.377Z", "references": [ { "type": "ADVISORY", "url": "https://github.com/bluewave-labs/Checkmate/security/advisories/GHSA-jjmg-cjr4-439m" }, { "type": "FIX", "url": "https://github.com/bluewave-labs/Checkmate/commit/36d78a9aa4ed607ca1bd2b5fdaca5a3927b2d287" }, { "type": "FIX", "url": "https://github.com/bluewave-labs/Checkmate/commit/7a855ef47adf2265121c236097059c7c6555fd7c" }, { "type": "FIX", "url": "https://github.com/bluewave-labs/Checkmate/commit/91c2f7f0d5106bdfd4a0ff2c14b7e44acc3baee6" }, { "type": "FIX", "url": "https://github.com/bluewave-labs/Checkmate/pull/2227" } ], "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", "type": "CVSS_V3" } ] }