| Titolo | Browserbase Browserbase Skills latest main branch prior to fix (tested May 2026) Information Disclosure / Insecure File Permissions |
|---|
| Descrizione | Autobrowse trace artifacts (trace.json, messages.json, summary.md, screenshots) are written using default filesystem permissions without explicitly restricting access. On systems with permissive umask settings or shared-readable workspaces, sensitive trace data including tokens, cookies, request headers, prompts, form data, and screenshots may become readable by other local users or processes. |
|---|
| Fonte | ⚠️ https://github.com/NARKHEDE-VAIBHAV/poc/blob/main/browserbase-skills-infoleak-poc.sh |
|---|
| Utente | vaibhavnarkhede (UID 94039) |
|---|
| Sottomissione | 26/05/2026 17:54 (28 giorni fa) |
|---|
| Moderazione | 21/06/2026 15:17 (26 days later) |
|---|
| Stato | Accettato |
|---|
| Voce VulDB | 372613 [Browserbase fino a 20260526 Autobrowse Trace Artifact escalationi di privilegi] |
|---|
| Punti | 19 |
|---|