Onyxia · Onyxia · CVE-2025-58366
**Name of the Vulnerable Software and Affected Versions**
Onyxia versions 4.6.0 through 4.8.0
**Description**
Onyxia-API leaked the credentials of private Helm repositories through the public `/public/catalogs` endpoint. Only instances whose catalogs configuration defines private Helm repositories with usernames and passwords are affected. The issue is fixed in version 4.9.0.
**Recommendations**
Upgrade to version 4.9.0 or later.
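One way to confirm the fix on your own instance is to save the body returned by `/public/catalogs` and check it for credential fields. The script below is an added example, not code from the advisory or the Onyxia project; the response shape, the key names and the sample data are assumptions constructed for illustration.

```python
import json

# Key names treated as credential-bearing (assumed; adjust to your catalogs config).
SENSITIVE_KEYS = {"username", "password", "token", "secret"}

# Constructed sample of a /public/catalogs response body; the shape is assumed.
SAMPLE_RESPONSE = """
{"catalogs": [
  {"id": "public-charts", "location": "https://charts.example.org", "type": "helm"},
  {"id": "internal-charts", "location": "https://helm.internal.example",
   "type": "helm", "username": "svc-onyxia", "password": "EXAMPLE-ONLY"}
]}
"""

def find_exposed_credentials(body):
    """Return JSON paths of credential-like keys that carry a non-empty value."""
    findings = []

    def walk(node, path):
        if isinstance(node, dict):
            for key, value in node.items():
                child = f"{path}.{key}"
                # Flag the field by name only; the value itself is never recorded.
                if key.lower() in SENSITIVE_KEYS and value not in (None, "", [], {}):
                    findings.append(child)
                walk(value, child)
        elif isinstance(node, list):
            for index, item in enumerate(node):
                walk(item, f"{path}[{index}]")

    walk(json.loads(body), "$")
    return findings

if __name__ == "__main__":
    hits = find_exposed_credentials(SAMPLE_RESPONSE)
    for hit in hits:
        print("credential field exposed at", hit)
    if not hits:
        print("no credential fields found in response")
```

An empty result on the response saved after the upgrade indicates the endpoint no longer returns the configured usernames and passwords.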