PT-2025-48162 · Opto 22 · Groov View

Published: 2025-11-26 · Updated: 2025-12-01 · CVE-2025-13084

CVSS v3.1: 7.6 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L

Name of the Vulnerable Software and Affected Versions

groov View (affected versions not specified)

Description

The users endpoint of the groov View API (/users) returns a list of all users along with their associated metadata, including API keys. Access to the endpoint is governed by role-based access control and requires an Editor role. However, a caller with that role receives the API keys of all users, including those with Administrator privileges.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
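
The exposure described above can be pictured as a user-listing handler whose role check passes and which then serializes every stored field. The following is an added example, not Opto 22 or groov View code; the role names, the `api_key` field name and the sample users are assumptions constructed for illustration, and it places the flawed pattern beside a variant that filters secret fields per record.

```python
# Added illustration: hypothetical data model, not groov View source code.
from dataclasses import dataclass, asdict

ROLE_RANK = {"viewer": 0, "editor": 1, "admin": 2}  # assumed role names
SECRET_FIELDS = {"api_key"}                          # assumed field name


@dataclass(frozen=True)
class User:
    id: int
    username: str
    role: str
    api_key: str


# Constructed sample records; the keys are placeholders.
USERS = [
    User(1, "root", "admin", "KEY-ADMIN-PLACEHOLDER"),
    User(2, "alice", "editor", "KEY-ALICE-PLACEHOLDER"),
    User(3, "bob", "viewer", "KEY-BOB-PLACEHOLDER"),
]


def require_role(caller: User, minimum: str) -> None:
    """Endpoint-level RBAC gate: the only check in the flawed pattern."""
    if ROLE_RANK[caller.role] < ROLE_RANK[minimum]:
        raise PermissionError(f"{minimum} role required")


def list_users_flawed(caller: User) -> list[dict]:
    """Role check passes, then every stored field is serialized."""
    require_role(caller, "editor")
    return [asdict(u) for u in USERS]


def list_users_hardened(caller: User) -> list[dict]:
    """Same role check, plus per-field filtering: a secret field is
    returned only on the caller's own record."""
    require_role(caller, "editor")
    out = []
    for u in USERS:
        row = asdict(u)
        if u.id != caller.id:
            for field in SECRET_FIELDS:
                row.pop(field, None)
        out.append(row)
    return out
```

A response-schema test that asserts no secret field appears on records other than the caller's own catches this class of regression before release.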

Weakness Enumeration

Related Identifiers

CVE-2025-13084

Affected Products

Groov View