Walmart · Concord · CVE-2020-10591
**Name of the Vulnerable Software and Affected Versions**
Walmart Labs Concord versions prior to 1.44.0
**Description**
An issue allows remote attackers to discover host information, nodes, API metadata, and references to usernames via the "api/v1/apikey" endpoint. The cause is that the CORS Access-Control-Allow-Origin response header has a potentially unsafe dependency on the request's Origin header, and this behavior is not configurable.
**Recommendations**
For versions prior to 1.44.0, update to version 1.44.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the "api/v1/apikey" endpoint to minimize the risk of exploitation.
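The header dependency named in the description, shown beside an allowlisted form with a check that tells them apart. This is an added example, not Concord's code; it also flags a wildcard grant, which the advisory does not discuss. The origins, function names and sample exchanges are hypothetical and constructed for illustration.

```python
# Added example (constructed): not Concord's code. Origins and names are hypothetical.
ALLOWED_ORIGINS = frozenset({"https://console.example.com"})  # assumed operator config


def reflecting_policy(origin):
    """Pattern the advisory describes: Allow-Origin is derived from the request Origin."""
    return {"Access-Control-Allow-Origin": origin} if origin else {}


def allowlist_policy(origin, allowed=ALLOWED_ORIGINS):
    """Corrected pattern: exact match against configured origins, no echo otherwise."""
    if origin in allowed:
        # Vary: Origin keeps shared caches from serving one origin's grant to another.
        return {"Access-Control-Allow-Origin": origin, "Vary": "Origin"}
    return {}


def audit(exchanges, allowed=ALLOWED_ORIGINS):
    """Flag captured (path, request Origin, response headers) tuples that grant
    cross-origin reads to an origin outside the configured allowlist."""
    findings = []
    for path, origin, headers in exchanges:
        # HTTP header names are case-insensitive.
        acao = {k.lower(): v for k, v in headers.items()}.get("access-control-allow-origin")
        if acao is None:
            continue
        if acao == "*":
            findings.append((path, origin, "wildcard"))
        elif acao not in allowed:
            reason = "reflected" if acao == origin else "unlisted"
            findings.append((path, origin, reason))
    return findings


# Constructed sample: the same three requests answered by each policy.
PROBES = [
    ("/api/v1/apikey", "https://console.example.com"),
    ("/api/v1/apikey", "https://untrusted.invalid"),
    ("/api/v1/apikey", None),
]


def run(policy):
    """Answer every probe with the given policy and audit the resulting headers."""
    return audit([(path, origin, policy(origin)) for path, origin in PROBES])


if __name__ == "__main__":
    print("reflecting:", run(reflecting_policy))
    print("allowlist: ", run(allowlist_policy))
```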