| Titel | Browserbase Browserbase Skills latest main branch prior to fix (tested May 2026) Information Disclosure / Insecure File Permissions |
|---|
| Beschreibung | Autobrowse trace artifacts (trace.json, messages.json, summary.md, screenshots) are written using default filesystem permissions without explicitly restricting access. On systems with permissive umask settings or shared-readable workspaces, sensitive trace data including tokens, cookies, request headers, prompts, form data, and screenshots may become readable by other local users or processes. |
|---|
| Quelle | ⚠️ https://github.com/NARKHEDE-VAIBHAV/poc/blob/main/browserbase-skills-infoleak-poc.sh |
|---|
| Benutzer | vaibhavnarkhede (UID 94039) |
|---|
| Einreichung | 26.05.2026 17:54 (vor 28 Tagen) |
|---|
| Moderieren | 21.06.2026 15:17 (26 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 372613 [Browserbase bis 20260526 Autobrowse Trace Artifact erweiterte Rechte] |
|---|
| Punkte | 19 |
|---|