Describe the bug
A security vulnerability has been identified in the enterprise/config-env component regarding the environment variable replacement mechanism. Because this issue concerns potential exposure of environment configuration and host credentials, the full details have been submitted privately to protect deployments.
Steps to reproduce the bug
Full reproduction steps, impact analysis, and a working proof-of-concept configuration payload have been submitted via the repository's private security advisory channel.
Expected behavior
Environment variable substitution should only occur for non-sensitive variables verified against an explicit allowlist.
Screenshots
If applicable, add screenshots to help explain your problem.
Desktop (please complete the following information):
OS: Windows/Linux
Browser: Chrome
Version: N/A
Any additional context
Please check the repository's Private Security Advisories portal or contact your security team to review the complete submission (which includes code references, CVSS v3.1 calculation, and a proposed code-level remediation).****
Describe the bug
A security vulnerability has been identified in the enterprise/config-env component regarding the environment variable replacement mechanism. Because this issue concerns potential exposure of environment configuration and host credentials, the full details have been submitted privately to protect deployments.
Steps to reproduce the bug
Full reproduction steps, impact analysis, and a working proof-of-concept configuration payload have been submitted via the repository's private security advisory channel.
Expected behavior
Environment variable substitution should only occur for non-sensitive variables verified against an explicit allowlist.
Screenshots
If applicable, add screenshots to help explain your problem.
Desktop (please complete the following information):
OS: Windows/Linux
Browser: Chrome
Version: N/A
Any additional context
Please check the repository's Private Security Advisories portal or contact your security team to review the complete submission (which includes code references, CVSS v3.1 calculation, and a proposed code-level remediation).****