| 제목 | Browserbase Browserbase Skills latest main branch prior to fix (tested May 2026) Information Disclosure / Insecure File Permissions |
|---|
| 설명 | Autobrowse trace artifacts (trace.json, messages.json, summary.md, screenshots) are written using default filesystem permissions without explicitly restricting access. On systems with permissive umask settings or shared-readable workspaces, sensitive trace data including tokens, cookies, request headers, prompts, form data, and screenshots may become readable by other local users or processes. |
|---|
| 원천 | ⚠️ https://github.com/NARKHEDE-VAIBHAV/poc/blob/main/browserbase-skills-infoleak-poc.sh |
|---|
| 사용자 | vaibhavnarkhede (UID 94039) |
|---|
| 제출 | 2026. 05. 26. PM 05:54 (28 날 ago) |
|---|
| 모더레이션 | 2026. 06. 21. PM 03:17 (26 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 372613 [Browserbase 까지 20260526 Autobrowse Trace Artifact 권한 상승] |
|---|
| 포인트들 | 19 |
|---|