YAML Metadata Warning:empty or missing yaml metadata in repo card
Check out the documentation for more information.
DB-GPT v0.8.0 β Unauthenticated datasource credential disclosure (plaintext password leak) β huntr PoC
Private/gated proof-of-concept accompanying a huntr vulnerability report. Access is granted only to the huntr triage bot.
Target: eosphoros-ai/DB-GPT @ v0.8.0 (commit a3f21350, latest release).
The datasource API ships stored DB credentials to the client in cleartext. RDBMSDatasourceParameters
tags its password field with metadata={"tags":"privacy"} and str(param) honours it (masks the
secret) β but BaseParameters.to_dict() (asdict) ignores the tag, and
DatasourceService._to_query_response returns param.to_dict() as DatasourceQueryResponse.params.
The privacy control masks in one path and leaks the plaintext password in the serializer path β a
genuinely broken defense, not merely "missing auth".
Contents
README.mdβ this file.REPORT.md/POC.mdβ the vulnerability report and walkthrough (added separately).poc/fire_031.pyβ self-contained deterministic PoC (differential oracle:str()masks vsto_dict()leaks, on the same secret). Run network-isolated:unshare --user --map-root-user --net python3 poc/fire_031.pypoc/vendor/β the four real v0.8.0 source files the PoC loads/executes, byte-identical to the released PyPI wheeldbgpt==0.8.0β sha256 inpoc/PROVENANCE.txt:parameter_utils.py(BaseParameters.__str__/.to_dict/ masking),manager.py(RegisterParameters/ polymorphic metaclass),parameter.py(BaseDatasourceParameters.from_persisted_state),base.py(theRDBMSDatasourceParametersclass with thepasswordprivacy tag).
poc/sandbox_031.logβ a recorded run (differential oracle + server-sink reproduction, all PASS).
Harmless in-memory dataclass ops only; no network egress; the target repository is never built or installed.