{"vulnerability": "GHSA-WW5P-J6CJ-6MQQ", "sightings": [{"uuid": "60027eb5-19cb-413d-bc71-fea53926d97b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "GHSA-WW5P-J6CJ-6MQQ", "type": "seen", "source": "https://gist.github.com/alon710/50034d243d8ecc5094ce95388ae028b5", "content": "# GHSA-WW5P-J6CJ-6MQQ: Credential Exposure in Nezha Dashboard DDNS and Notification APIs\n\n> **CVSS Score:** 5.5\n> **Published:** 2026-06-26\n> **Full Report:** https://cvereports.com/reports/GHSA-WW5P-J6CJ-6MQQ\n\n## Summary\nGHSA-WW5P-J6CJ-6MQQ is a technical credential exposure vulnerability in Nezha Dashboard prior to version 2.2.5. The vulnerability allows authenticated administrative users or actors possessing scoped read-only Personal Access Tokens (PATs) to exfiltrate plaintext third-party API credentials, secret keys, and webhook authorization headers due to a lack of data redaction during API object serialization.\n\n## TL;DR\nNezha Dashboard prior to version 2.2.5 leaks high-privilege third-party integration credentials (such as Cloudflare tokens and webhook authorization headers) in plaintext via the authenticated list endpoints for DDNS and notifications.\n\n## Exploit Status: POC\n\n## Technical Details\n\n- **CWE ID**: CWE-200\n- **Attack Vector**: Network\n- **CVSS v4 Score**: 5.5 (Medium)\n- **Exploit Status**: poc\n- **Impact**: Credential Disclosure\n- **KEV Status**: Not Listed\n\n## Affected Systems\n\n- Nezha Dashboard\n- **Nezha Dashboard**: < 2.2.5 (Fixed in: `2.2.5`)\n\n## Mitigation\n\n- Upgrade Nezha Dashboard to version 2.2.5 or higher.\n- Restrict administrative web dashboard endpoints (/api/v1/ddns and /api/v1/notification) to trusted network origins using reverse proxies.\n- Audit and revoke administrative Personal Access Tokens (PATs) that carry read scopes.\n- Rotate all potentially exposed credentials including Cloudflare API tokens, webhook keys, and Telegram bot tokens.\n\n**Remediation Steps:**\n1. Pull the latest Docker image or binary for Nezha Dashboard >= v2.2.5.\n2. Restart the container or binary services to apply the updated executable.\n3. Navigate to the external services (Cloudflare, Slack, Telegram, etc.) and generate replacement secret keys.\n4. Update the configurations within Nezha Dashboard with the newly generated secrets.\n\n## References\n\n- [Nezha Dashboard Security Advisory (GHSA-ww5p-j6cj-6mqq)](https://github.com/nezhahq/nezha/security/advisories/GHSA-ww5p-j6cj-6mqq)\n- [GitHub Advisory Database: GHSA-WW5P-J6CJ-6MQQ](https://github.com/advisories/GHSA-WW5P-J6CJ-6MQQ)\n- [Nezha Release v2.2.5](https://github.com/nezhahq/nezha/releases/tag/v2.2.5)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/GHSA-WW5P-J6CJ-6MQQ) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-06-27T05:12:34.454311Z"}]}