You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Describe the bug
The GraphQL query domain used by SDK to retrieve the snapshot can leak other domains when the parameter name is not defined.
This security issue needs SDKs to be re-built or re-compiled, however, the API can be accessed externally and therefore the params can be redefined.
To Reproduce from Switcher Management
Steps to reproduce the behavior:
Hit the API using domain query only using the environment and _component names.
Expected behavior
When using the Client SDK, the Domain name is already embedded into the token, therefore, the name can be discarded in the upcoming releases.
When using Admin users, the name or Domain ID should be required.
The text was updated successfully, but these errors were encountered:
Describe the bug
The GraphQL query
domainused by SDK to retrieve the snapshot can leak other domains when the parameternameis not defined.This security issue needs SDKs to be re-built or re-compiled, however, the API can be accessed externally and therefore the params can be redefined.
To Reproduce from Switcher Management
Steps to reproduce the behavior:
domainquery only using theenvironmentand_componentnames.Expected behavior
When using the Client SDK, the Domain name is already embedded into the token, therefore, the name can be discarded in the upcoming releases.
When using Admin users, the name or Domain ID should be required.
The text was updated successfully, but these errors were encountered: