6Mile

**Name of the Vulnerable Software and Affected Versions** Retool (self-hosted enterprise) versions 3.18.1 through 3.40.0 **Description** The issue allows an authenticated attacker to discover credentials for users with "Use" permissions via the "/api/resources" endpoint. This is due to the insertion of resource authentication credentials into sent data. **Recommendations** For versions 3.18.1 through 3.40.0, consider restricting access to the "/api/resources" endpoint until a patch is available. As a temporary workaround, limit the permissions of users to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.