Fides · Fides · CVE-2024-31223
**Name of the Vulnerable Software and Affected Versions**
Fides versions 2.19.0 through 2.39.2rc0
**Description**
A vulnerability in Fides allows an unauthenticated attacker to make an HTTP GET request from the Privacy Center that discloses the value of the `SERVER_SIDE_FIDES_API_URL` server-side configuration environment variable. This variable's value is a URL that typically includes a private IP address, private domain name, and/or port. The disclosure of this information could result in an attacker gaining knowledge of server-side ports, private IP addresses, and/or private domain names.
**Recommendations**
For Fides versions 2.19.0 through 2.39.2rc0, upgrade to Fides version 2.39.2 or later to secure the system against this threat.
As a temporary workaround, consider restricting access to the Privacy Center's main page, for example, `https://privacy.example.com`, until the issue is resolved.
Avoid using the `SERVER_SIDE_FIDES_API_URL` environment variable in the Privacy Center until the issue is resolved.
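To confirm that a deployment no longer exposes the value described above, an operator can scan a saved copy of their own Privacy Center page for URLs that point at internal hosts. The following is an added example, not code from Fides or from this advisory. The sample body, its JSON key names and the `INTERNAL_SUFFIXES` list are constructed assumptions and do not represent the real Privacy Center response format.

```python
import ipaddress
import re
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s\"'<>\\]+")
# Assumption: DNS suffixes that are internal-only in your environment.
INTERNAL_SUFFIXES = (".internal", ".local", ".svc")

# Constructed sample page body; NOT the real Privacy Center response format.
SAMPLE_BODY = r'''<html><head><script src="https://cdn.example.com/app.js"></script></head>
<body><script type="application/json">
{"publicApi": "https://privacy.example.com/api/v1",
 "serverApi": "http:\/\/10.20.0.15:8080\/api\/v1"}
</script></body></html>'''


def is_internal_host(host):
    """True for private, loopback or link-local IPs and internal-looking names."""
    try:
        ip = ipaddress.ip_address(host)
        return ip.is_private or ip.is_loopback or ip.is_link_local
    except ValueError:
        pass  # not an IP literal, treat as a DNS name
    name = host.lower().rstrip(".")
    return "." not in name or name.endswith(INTERNAL_SUFFIXES)


def find_disclosures(body, configured_url=None):
    """Return sorted URLs in `body` that expose internal hosts, plus the
    configured server-side URL if it appears verbatim."""
    text = body.replace("\\/", "/")  # undo JSON-escaped slashes
    findings = set()
    if configured_url and configured_url in text:
        findings.add(configured_url)
    for raw in URL_RE.findall(text):
        url = raw.rstrip(".,;)")
        try:
            host = urlsplit(url).hostname
        except ValueError:  # malformed IPv6 literal
            continue
        if host and is_internal_host(host):
            findings.add(url)
    return sorted(findings)


if __name__ == "__main__":
    for url in find_disclosures(SAMPLE_BODY):
        print("internal URL exposed in page body:", url)
```

Pass the deployment's own `SERVER_SIDE_FIDES_API_URL` value as `configured_url` so that a private domain name that looks public is still caught by the verbatim match.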