Tag
high
advisory
Arcane Global Variables Endpoint Missing Admin Authorization Check
2 rules 3 TTPsA missing admin authorization check in the Arcane application on the `PUT /api/environments/{id}/templates/variables` endpoint allows any authenticated non-admin user to overwrite global environment variables, leading to supply-chain RCE, credential theft, and cross-tenant impact by overriding critical configuration values.
Arcane
authorization-bypass
rce
credential-theft
supply-chain
2r
3t
high
advisory
Arcane Unauthenticated Compose Template Content Disclosure
2 rules 1 TTPArcane versions before 1.18.0 are vulnerable to an unauthenticated information disclosure on four GET endpoints under `/api/templates*`, allowing unauthorized access to Compose YAML and `.env` content including sensitive secrets.
Arcane
information-disclosure
vulnerability
2r
1t