Skip to content

[VULN-24] Error Messages Leak Internal Details #39

Description

@lyncmi07

Severity: Medium
Affected locations: routes/websites.ts:153-154, routes/git_websites.ts:74,122,163

Issue:
Raw backend errors are returned to clients, exposing internal topology, paths, and operational details useful for attacker reconnaissance.

Mitigation plan:

  1. Replace client-facing errors with generic messages.
  2. Log detailed diagnostics server-side with request correlation IDs.
  3. Standardize error response schema.

Verification / tests:

  • Tests assert no internal hostnames/stack details are returned in API error payloads.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions