Blinko Information Exposure Vulnerability in Public User List Endpoint
Vulnerability
A vulnerability in Blinko versions prior to 1.8.4 allows unauthorized access to sensitive user information through a public endpoint. The affected endpoint, '/v1/user/public-user-list', exposes usernames, roles, and account creation dates without requiring authentication. This information leak could facilitate user enumeration and identification of superadmin accounts.
Impact
The vulnerability could be exploited to gather sensitive user information, including roles and account creation dates, potentially leading to user enumeration and targeted attacks.
Remediation
Upgrade to Blinko version 1.8.4 or later, which addresses this vulnerability.
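To make the exposure concrete, the following added example (not Blinko's own code, and not the project's actual fix) models a public user-list endpoint as a pair of pure TypeScript functions: an over-exposing version that hands out usernames, roles and creation dates to any caller, and a hardened version that requires an authenticated caller and projects records through an explicit allow-list. The record shape, field names, the `Caller` gate and the sample users are assumptions constructed for illustration; a small audit helper reports which sensitive keys a response payload still carries, which is the check a reviewer would want before and after such a fix.

```typescript
// Added example, not Blinko's code. Field names, the Caller type and the
// sample data below are assumptions for illustration only.

type Role = "user" | "superadmin";

interface UserRecord {
  id: number;
  name: string;
  role: Role;
  createdAt: string; // ISO 8601 timestamp
  passwordHash: string;
}

interface Caller {
  authenticated: boolean;
}

// Constructed sample data (not real accounts).
const USERS: UserRecord[] = [
  { id: 1, name: "alice", role: "superadmin", createdAt: "2024-01-05T10:00:00Z", passwordHash: "<hash>" },
  { id: 2, name: "bob", role: "user", createdAt: "2024-03-12T08:30:00Z", passwordHash: "<hash>" },
];

// Over-exposing shape, mirroring what the advisory describes: no caller check,
// and the response includes role and account creation date for every user.
function publicUserListVulnerable(users: UserRecord[]) {
  return users.map((u) => ({
    id: u.id,
    name: u.name,
    role: u.role,
    createdAt: u.createdAt,
  }));
}

// Hardened shape: the caller must be authenticated, and only an explicit
// allow-list of fields leaves the server. Adding columns to UserRecord later
// cannot widen this response by accident.
interface PublicUser {
  id: number;
  name: string;
}

function toPublicUser(u: UserRecord): PublicUser {
  return { id: u.id, name: u.name };
}

function publicUserListHardened(users: UserRecord[], caller: Caller): PublicUser[] {
  if (!caller.authenticated) {
    // In an HTTP handler this would be a 401 response.
    throw new Error("401 Unauthorized");
  }
  return users.map(toPublicUser);
}

// Audit helper: which sensitive keys does a response payload still expose?
// Useful as a unit test against any "public" endpoint's serialized output.
const SENSITIVE_KEYS = ["role", "createdAt", "passwordHash"] as const;

function leakedKeys(payload: object[]): string[] {
  return SENSITIVE_KEYS.filter((k) => payload.some((row) => k in row));
}

function demo(): void {
  console.log("vulnerable leaks:", leakedKeys(publicUserListVulnerable(USERS)));
  console.log("hardened leaks:", leakedKeys(publicUserListHardened(USERS, { authenticated: true })));
}

demo();
```

Running the block prints `vulnerable leaks: [ 'role', 'createdAt' ]` and `hardened leaks: []`. The point of the allow-list projection is that it is the inverse of "strip the password hash and return the rest": an omit-list silently leaks every new column, while an allow-list has to be widened on purpose.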
