{"id":"CVE-2025-48024","details":"In BlueWave Checkmate before 2.1, an authenticated regular user can access sensitive application secrets via the /api/v1/settings endpoint.","aliases":["GHSA-jjmg-cjr4-439m"],"modified":"2026-04-10T05:28:06.105747Z","published":"2025-05-15T05:15:51.377Z","references":[{"type":"ADVISORY","url":"https://github.com/bluewave-labs/Checkmate/security/advisories/GHSA-jjmg-cjr4-439m"},{"type":"FIX","url":"https://github.com/bluewave-labs/Checkmate/commit/36d78a9aa4ed607ca1bd2b5fdaca5a3927b2d287"},{"type":"FIX","url":"https://github.com/bluewave-labs/Checkmate/commit/7a855ef47adf2265121c236097059c7c6555fd7c"},{"type":"FIX","url":"https://github.com/bluewave-labs/Checkmate/commit/91c2f7f0d5106bdfd4a0ff2c14b7e44acc3baee6"},{"type":"FIX","url":"https://github.com/bluewave-labs/Checkmate/pull/2227"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/bluewave-labs/Checkmate","events":[{"introduced":"0"},{"fixed":"915a2b30b847e0e5ca94c54b6acba865876367b7"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"2.1"}]}},{"type":"GIT","repo":"https://github.com/bluewave-labs/checkmate","events":[{"introduced":"0"},{"fixed":"36d78a9aa4ed607ca1bd2b5fdaca5a3927b2d287"},{"fixed":"7a855ef47adf2265121c236097059c7c6555fd7c"},{"fixed":"91c2f7f0d5106bdfd4a0ff2c14b7e44acc3baee6"}]}],"versions":["v1.0","v1.1.0","v2.0.1","v2.0.2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-48024.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"}]}