Chartbrew · Chartbrew · CVE-2026-27603
**Name of the Vulnerable Software and Affected Versions**
Chartbrew versions prior to 4.8.4
**Description**
Chartbrew is a web application that connects to databases and APIs to create charts. Prior to version 4.8.4, the chart filter endpoint, `/project/:project_id/chart/:chart_id/filter`, lacks both `verifyToken` and `checkPermissions` middleware. This allows unauthenticated users to access chart data from any team or project. The `project_id` and `chart_id` are vulnerable parameters.
**Recommendations**
Update to version 4.8.4 or later.
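The missing-middleware condition described above, shown as an added example that is not Chartbrew's code: the route is registered once without guards and once with them, and a regression check reports which guards a route lacks. Only the names `verifyToken` and `checkPermissions` and the route path come from the advisory; the function bodies, the token and chart data, and the `dispatch` stand-in for Express routing are constructed assumptions.

```javascript
// Constructed session and chart stores (Maps avoid prototype-key lookups).
const TOKENS = new Map([["tok-alice", { id: 1, projects: [10] }]]);
const CHARTS = new Map([[7, { project_id: 10, data: [1, 2, 3] }]]);

// Hypothetical body: authenticate the caller from a bearer token.
function verifyToken(req, res, next) {
  const token = (req.headers.authorization || "").replace(/^Bearer /, "");
  const user = TOKENS.get(token);
  if (!user) return res.status(401).send({ error: "unauthenticated" });
  req.user = user;
  next();
}

// Hypothetical body: the caller must belong to the project named in the URL.
function checkPermissions(req, res, next) {
  if (!req.user.projects.includes(Number(req.params.project_id))) {
    return res.status(403).send({ error: "forbidden" });
  }
  next();
}

// Handler: returns chart data, and only for a chart inside the named project.
function filterChart(req, res) {
  const chart = CHARTS.get(Number(req.params.chart_id));
  if (!chart || chart.project_id !== Number(req.params.project_id)) {
    return res.status(404).send({ error: "not found" });
  }
  res.status(200).send({ data: chart.data });
}

const ROUTE = "/project/:project_id/chart/:chart_id/filter";
const vulnerableRoute = { path: ROUTE, chain: [filterChart] }; // no guards, as in the advisory
const hardenedRoute = { path: ROUTE, chain: [verifyToken, checkPermissions, filterChart] };

// Minimal stand-in for Express dispatch: run handlers in order until one responds.
function dispatch(route, req) {
  const out = { code: null, body: null };
  const res = { status(c) { out.code = c; return this; }, send(b) { out.body = b; return this; } };
  let i = 0;
  const next = () => { if (i < route.chain.length) route.chain[i++](req, res, next); };
  next();
  return out;
}

// Regression check: required guards that are absent from a route's chain.
function missingGuards(route, required = ["verifyToken", "checkPermissions"]) {
  const names = route.chain.map((fn) => fn.name);
  return required.filter((name) => !names.includes(name));
}
```

Running `missingGuards` over every data-returning route in a test suite catches this class of omission before release.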