GHSA-382c-vx95-w3p5: Gittensory: Missing contributor-scoped access control on profile endpoint and MCP tool leaks miner financial data
Summary
GET /v1/contributors/:login/profile and the gittensory_get_contributor_profile MCP tool skip the contributor-scoped access check that every sibling endpoint enforces. Any authenticated session/API/MCP token holder can read any contributor's profile; for confirmed Gittensor miners that exposes alphaPerDay, taoPerDay, usdPerDay (and the hotkey on the REST path). Authenticated cross-contributor disclosure, CWE-284 / IDOR.
Details
In src/api/routes.ts the profile handler returns buildContributorProfile(...) with no requireContributorAccess call. Every sibling (/decision-pack, /repos/:owner/:repo/decision, etc.) gates and 403s on a cross-contributor request — the profile route is the only omission. buildContributorProfile (src/signals/engine.ts) embeds hotkey and the three *PerDay fields for any confirmed miner.
The MCP tool getContributorProfile (src/mcp/server.ts) also omits requireContributorAccess. Its redactSensitiveForMcp filter only strips keys matching hotkey|coldkey|wallet|private_key|privateKey|mnemonic, so the hotkey is dropped but alphaPerDay/taoPerDay/usdPerDay pass through.
The codebase treats these as secret everywhere else — decision-pack.ts destructures the hotkey out before serving, and three sanitizers scrub hotkey/wallet from AI/comment output — which is why this is an oversight, not by-design.
Exposure: REST → hotkey + 3 financial fields; MCP → 3 financial fields (hotkey redacted).
PoC
1. Get any valid session/API/MCP token.
2. Pick a target login that is a confirmed miner.
3. GET /v1/contributors/{target}/profile → 200 with gittensor.hotkey, alphaPerDay, taoPerDay, usdPerDay.
4. GET /v1/contributors/{target}/decision-pack (same token) → 403, proving the missing gate.
5. MCP gittensory_get_contributor_profile with {target} → result includes the three *PerDay fields.
Impact
Any token holder can enumerate other miners' daily TAO/alpha/USD revenue (plus hotkey via REST) without authorization. All miners with snapshot data are affected.
Details
Original advisory: https://github.com/advisories/GHSA-382c-vx95-w3p5
More from GitHub Security Advisories
- criticalGHSA-g936-7jqj-mwv8: TSDProxy: Internal proxy auth token forwarded to backend services enables management API …2026-07-10
- highGHSA-fpg8-7664-jc5q: melange: Incomplete package integrity verification allows data section substitution2026-07-10
- mediumGHSA-48rx-c7pg-q66r: Excon does not redact additional sensitive/risky headers when following redirects2026-07-10
- highGHSA-h4g2-xfmw-q2c9: Clauster: Non-loopback deployments can serve the dashboard unauthenticated when auth.enab…2026-07-10
- mediumGHSA-rqq5-2gf9-4w4q: Secure Headers: CSP directive injection via sandbox, plugin_types, and report_to when giv…2026-07-10