Minder · Minder · CVE-2024-27916
**Name of the Vulnerable Software and Affected Versions**
Minder versions prior to 0.0.33
**Description**
A Minder user can use the endpoints `GetRepositoryByName`, `DeleteRepositoryByName`, and `GetArtifactByName` to access any repository in the database, irrespective of who owns the repository and of any permissions present. The database query matches only on repository owner, repository name, and provider name (which is always "github"); none of these values is tied to the calling user or their project. Any user with valid credentials and a configured provider can therefore set the repository owner and name to arbitrary values, and the server returns (or, in the case of `DeleteRepositoryByName`, deletes) the matching repository. This issue affects every user and project in a multi-tenant Minder instance.
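The following Go program is an added illustration of the flaw class described above and is not Minder's own code: it models the repository table with an in-memory store, reproduces a lookup that keys only on provider, owner and name, and places beside it a lookup and a delete that also require the caller's project ID. The struct fields, project identifiers and sample rows are constructed for the example and do not reflect Minder's real schema or API.

```go
package main

import (
	"errors"
	"fmt"
)

// Repository is a simplified model (not Minder's schema) carrying the three
// fields the advisory says the query keys on, plus the owning project.
type Repository struct {
	ID        int
	ProjectID string
	Provider  string
	Owner     string
	Name      string
}

// ErrNotFound is returned for both "does not exist" and "exists, but belongs
// to another project", so a cross-tenant caller cannot even confirm existence.
var ErrNotFound = errors.New("repository not found")

// Store is a constructed in-memory stand-in for the database table.
type Store struct {
	repos []Repository
}

// NewSampleStore seeds two repositories owned by two different projects
// (sample data, constructed for this example).
func NewSampleStore() *Store {
	return &Store{repos: []Repository{
		{ID: 1, ProjectID: "project-alice", Provider: "github", Owner: "alice", Name: "web-app"},
		{ID: 2, ProjectID: "project-bob", Provider: "github", Owner: "bob", Name: "payments"},
	}}
}

// GetRepositoryByNameVulnerable reproduces the pattern the advisory describes:
// the predicate is (provider, owner, name) only, the equivalent of
//   WHERE provider = $1 AND repo_owner = $2 AND repo_name = $3
// so the caller's project never constrains which row comes back.
func (s *Store) GetRepositoryByNameVulnerable(provider, owner, name string) (Repository, error) {
	for _, r := range s.repos {
		if r.Provider == provider && r.Owner == owner && r.Name == name {
			return r, nil
		}
	}
	return Repository{}, ErrNotFound
}

// GetRepositoryByNameScoped adds the caller's project as a mandatory predicate,
// the equivalent of appending AND project_id = $4 to the query above.
func (s *Store) GetRepositoryByNameScoped(callerProjectID, provider, owner, name string) (Repository, error) {
	for _, r := range s.repos {
		if r.ProjectID == callerProjectID && r.Provider == provider && r.Owner == owner && r.Name == name {
			return r, nil
		}
	}
	return Repository{}, ErrNotFound
}

// DeleteRepositoryByNameScoped deletes only a row owned by the caller's project
// and reports whether anything was removed.
func (s *Store) DeleteRepositoryByNameScoped(callerProjectID, provider, owner, name string) bool {
	for i, r := range s.repos {
		if r.ProjectID == callerProjectID && r.Provider == provider && r.Owner == owner && r.Name == name {
			s.repos = append(s.repos[:i], s.repos[i+1:]...)
			return true
		}
	}
	return false
}

func main() {
	s := NewSampleStore()
	// Bob, authenticated against project-bob, asks for Alice's repository by name.
	if r, err := s.GetRepositoryByNameVulnerable("github", "alice", "web-app"); err == nil {
		fmt.Printf("unscoped lookup leaked %s/%s owned by %s\n", r.Owner, r.Name, r.ProjectID)
	}
	if _, err := s.GetRepositoryByNameScoped("project-bob", "github", "alice", "web-app"); err != nil {
		fmt.Println("scoped lookup refused:", err)
	}
	if !s.DeleteRepositoryByNameScoped("project-bob", "github", "alice", "web-app") {
		fmt.Println("scoped delete refused for cross-tenant caller")
	}
}
```

The point of the scoped variants is that the tenant check lives in the query predicate itself rather than in a separate permission check that a handler might forget to call; a row belonging to another project is simply never selected, so the same code path serves lookups and deletes safely.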
**Recommendations**
To resolve this issue, update to version 0.0.33 or later. Until the update is applied, restrict access to the `GetRepositoryByName`, `DeleteRepositoryByName`, and `GetArtifactByName` endpoints, paying particular attention to `DeleteRepositoryByName`, since it allows unauthorized deletion of repositories.