Rozpuszczalny

#52631 of 53,633
3.7 Total CVSS
Vulnerabilities · 1
PT-2024-19810
3.7
2024-01-19
Unknown · Changedetection.Io · CVE-2024-23329
**Name of the Vulnerable Software and Affected Versions**
changedetection.io versions prior to 0.45.13

**Description**
The API endpoint `/api/v1/watch/<uuid>/history` can be accessed by any unauthorized user, allowing them to check one's watch history. However, the impact on users' data privacy is minimal because an unauthorized party first needs to know a watch UUID, and the watch history endpoint itself returns only paths to the snapshot on the server.

**Recommendations**
For versions prior to 0.45.13, upgrade to version 0.45.13 or later to address the issue. As a temporary workaround, consider restricting access to the `/api/v1/watch/<uuid>/history` API endpoint until the upgrade is applied.