Yeah, out of all those fields, only the following seem required:
Which means we can remove quite a few fields from that output. I'll change that tomorrow.
Hi,
I'm not 100% sure this is working as intended, hence I put this under discussion, but it seems very illogical to me why it would be, as it would be a potential security risk, I believe.
Also, in the official Bitwarden service, information like this is not disclosed.
The issue I found is that when accessing a Send from its public link and taking a look at the API response, stuff like private notes is disclosed (even though it's not plaintext, I don't think it's supposed to be publicly available???), along with other fields I don't think should be in there for the public view as well. I quickly highlighted some of them I feel are very unnecessary, but some might be a requirement, idk.
These fields are nowhere to be found when looking at the same API response using the official Bitwarden service.
From the vault's perspective
Setup (latest testing tag as of writing this)
Your environment (Generated via diagnostics page)