#393 MEDIUM: Missing tenant isolation in checkpoint queries

closed medium Created 2025-12-11 22:21 · Updated 2025-12-12 19:07

Description

Edit

absurd_client.py:728-764 - get_checkpoints_for_run() queries by owner_run_id without tenant_id filter. If RLS not enabled, cross-tenant checkpoint access possible. Fix: Add tenant_id to WHERE clause.

Comments

Loading comments...

Context

Loading context...

Audit History

View All

Loading audit history...

#393 MEDIUM: Missing tenant isolation in checkpoint queries

Description

Similar Issues

Comments

Context

Audit History