PT-2025-50352 · Pagerduty · Pagerduty Runbook

Published: 2025-12-10 · Updated: 2026-01-02 · CVE-2025-52493

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: PagerDuty Runbook versions through 2025-06-12
Description: PagerDuty Runbook through 2025-06-12 has an issue where stored secrets are exposed directly in the webpage Document Object Model (DOM) at the configuration page. While these secrets are displayed as masked password fields, the actual secret values are present in the page source. An attacker with administrative access to the configuration page can reveal the secret values by modifying the input field type from "password" to "text" using browser developer tools.
Recommendations: Versions through 2025-06-12 should be updated. As a temporary workaround, restrict access to the configuration page to authorized personnel only.
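
A defender-side check for the condition described above, as an added example that is not PagerDuty's code and not part of the original advisory: it parses rendered page HTML and flags password inputs whose `value` attribute is populated. The sample markup, field names and placeholder text are constructed for illustration.

```python
from html.parser import HTMLParser


class PasswordValueAuditor(HTMLParser):
    """Collects <input type="password"> elements rendered with a non-empty value."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "input":
            return
        a = {k: (v or "") for k, v in attrs}
        if a.get("type", "").lower() == "password" and a.get("value", "").strip():
            line, _ = self.getpos()
            # Report field name, line and value length only, never the secret itself.
            self.findings.append({
                "name": a.get("name") or a.get("id") or "?",
                "line": line,
                "length": len(a["value"]),
            })


def audit(html):
    """Return one finding per masked field whose secret was sent to the browser."""
    parser = PasswordValueAuditor()
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample: the masked field still carries the stored secret in the markup.
EXPOSED_PAGE = """\
<form id="config">
  <input type="text" name="api_url" value="https://example.invalid/api">
  <input type="password" name="api_token" value="CONSTRUCTED-SAMPLE-SECRET">
  <input type="password" name="new_password" value="">
</form>
"""

# Constructed sample: the server never echoes the secret; the field is write-only.
HARDENED_PAGE = """\
<form id="config">
  <input type="password" name="api_token" placeholder="(stored; enter a new value to replace)">
</form>
"""

if __name__ == "__main__":
    for label, page in (("exposed", EXPOSED_PAGE), ("hardened", HARDENED_PAGE)):
        print(label, audit(page))
```

The check covers server-rendered markup only; values populated by client-side script after page load need the same test against the API responses that feed the form.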

Exploit

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers: CVE-2025-52493

Affected Products: Pagerduty Runbook