Expected Findings
- Public config includes internal topology and flags.
- Debug config reveals environment and secret hints.
Settings Surface
Config Leak
The page boot flow fetches two configuration endpoints that include internal hostnames, feature flags, and environment details not meant for the client.
Config bootstrap
Primary Flows
- Public config Top-level config exposure
- Debug config Verbose environment output
Signals
Flags
{"enableAdmin":true,"bypassRateLimit":true}