Severity: Medium
Affected locations: routes/websites.ts:153-154, routes/git_websites.ts:74,122,163
Issue:
Raw backend errors are returned to clients, exposing internal topology, paths, and operational details useful for attacker reconnaissance.
Mitigation plan:
- Replace client-facing errors with generic messages.
- Log detailed diagnostics server-side with request correlation IDs.
- Standardize error response schema.
Verification / tests:
- Tests assert no internal hostnames/stack details are returned in API error payloads.
Severity: Medium
Affected locations:
routes/websites.ts:153-154,routes/git_websites.ts:74,122,163Issue:
Raw backend errors are returned to clients, exposing internal topology, paths, and operational details useful for attacker reconnaissance.
Mitigation plan:
Verification / tests: