Chartbrew Public Chart Access Vulnerability Allowing Retrieval of Hidden Data
Vulnerability
A vulnerability in Chartbrew version 4.9.0 allows unauthenticated access to chart data that is intentionally hidden from public reports. The issue arises because the public chart retrieval and export routes only verify project-level public access and, for exports, a team-level export toggle. They do not check whether the chart is allowed on the public report or whether the governing SharePolicy permits public access. As a result, an attacker who knows a chart identifier in a public project can read or export data from charts that were meant to be private.
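The authorization gap described above, modelled as an added example with plain objects (this is not Chartbrew's code; the model fields, the SharePolicy shape and the function names are assumptions). The vulnerable function stops at the project-level checks; the hardened one additionally requires the chart to be on the public report and its SharePolicy to allow public access.

```javascript
// Added illustration, not Chartbrew code: field names and policy shape are assumptions.
// Constructed sample data: one public, password-protected project with two charts.
const project = { id: 1, public: true, passwordProtected: true, password: "s3cret", exportEnabled: true };
const charts = [
  { id: 10, projectId: 1, onReport: true },  // shown on the public report
  { id: 11, projectId: 1, onReport: false }, // intentionally hidden
];
// Per-chart SharePolicy governing whether the chart may be served publicly.
const sharePolicies = { 10: { allowPublic: true }, 11: { allowPublic: false } };

function findChart(chartId) {
  return charts.find((c) => c.id === chartId && c.projectId === project.id) || null;
}

// Vulnerable pattern: only project-level public access, the report password and
// (for exports) the export toggle are verified, so hidden chart 11 is served.
function vulnerableChartAccess(chartId, { wantsExport = false, password } = {}) {
  const chart = findChart(chartId);
  if (!chart) return { status: 404 };
  if (!project.public) return { status: 401 };
  if (project.passwordProtected && password !== project.password) return { status: 403 };
  if (wantsExport && !project.exportEnabled) return { status: 403 };
  return { status: 200, chartId: chart.id, exported: wantsExport };
}

// Hardened pattern: keep the project-level checks, then also require chart-level
// visibility on the report and an explicit SharePolicy allowing public access.
// A hidden chart is answered with 404 so the response does not confirm it exists.
function hardenedChartAccess(chartId, opts = {}) {
  const base = vulnerableChartAccess(chartId, opts);
  if (base.status !== 200) return base;
  const chart = findChart(chartId);
  const policy = sharePolicies[chartId];
  if (!chart.onReport) return { status: 404 };
  if (!policy || policy.allowPublic !== true) return { status: 404 };
  return base;
}
```

The same chart-level checks belong on both the retrieval and the export route, since the export path returns the full underlying data rather than a rendered chart.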
Impact
This vulnerability could lead to unauthorized access to sensitive chart data that is not intended for public viewing, including detailed spreadsheet data through the export function.
Reproduction
To reproduce this vulnerability, an attacker must identify a hidden chart in a public project and, if the project is password-protected, know the report password. The attacker can then use the public chart retrieval or export routes to access the hidden data.
Remediation
Users are advised to update to Chartbrew version 5.0.0, where this vulnerability has been patched.