[audittrail] Profiler endpoint exposed without authentication #37

New issue

Closed

opened 2026-03-03 03:06:49 +00:00 by ash · 0 comments

ash commented 2026-03-03 03:06:49 +00:00

Owner

Copy link

Security Concern

GET /v1/profiler has no requireKey middleware — publicly accessible.

Exposes internal performance metrics to anyone. Severity: MEDIUM.

Fix

Add requireKey middleware to profiler endpoint.

Found by Red Team Audit 2026-03-03.

## Security Concern `GET /v1/profiler` has no `requireKey` middleware — publicly accessible. Exposes internal performance metrics to anyone. Severity: MEDIUM. ### Fix Add `requireKey` middleware to profiler endpoint. Found by Red Team Audit 2026-03-03.

ash referenced this issue from a commit 2026-03-26 16:04:18 +00:00

fix: require API key for profiler endpoint — Refs ash/ideas#36, ash/ideas#37

ash closed this issue 2026-03-26 16:38:25 +00:00

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

No results found.

Labels

Clear labels   

✅ validated

Validated — worth building

  

❌ killed

Abandoned — documented why

  

💡 idea

Raw idea, needs research

  

💰 needs-budget

Needs money to proceed

  

🔍 researching

Actively researching viability

  

🔨 building

Currently being built

  

🚀 shipped

Live and generating revenue

No labels

✅ validated

❌ killed

💡 idea

💰 needs-budget

🔍 researching

🔨 building

🚀 shipped

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

ash/ideas#37

No description provided.