
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew allow…

Published:

29 April 2026 at 22:00:00

Alert date:

30 April 2026 at 21:02:39

Source:

nvd.nist.gov


Web Technologies, Enterprise Applications

Chartbrew version 4.9.0 contains a vulnerability allowing authenticated users to modify or delete SharePolicy records belonging to other projects. The flaw stems from inadequate authorization checks where routes verify project access but fail to validate that policy_id belongs to the authorized project. This enables unauthorized cross-project modification of dashboard sharing configurations including visibility settings, password requirements, allowed parameters, and expiration controls. The vulnerability affects multi-tenant deployments where project isolation is critical for security. A patch has been released in version 5.0.0 that addresses the authorization bypass issue.
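The authorization gap described above, shown as an added example that is not Chartbrew's own code: an in-memory model of a policy-update handler that checks project access but looks the policy up by id alone, next to a version that scopes the lookup to the authorized project. All names (`updateUnscoped`, `updateScoped`, the field names and the sample users) are assumptions made for illustration.

```javascript
// Constructed sample data; field and function names are illustrative.
const memberships = { alice: [1], bob: [2] }; // user -> project ids they may manage
const EDITABLE = ["visibility", "password_required", "allowed_params", "expires_at"];

function seedPolicies() {
  return new Map([
    [10, { id: 10, project_id: 1, visibility: "private", password_required: true }],
    [20, { id: 20, project_id: 2, visibility: "private", password_required: true }],
  ]);
}

function canAccessProject(user, projectId) {
  return (memberships[user] || []).includes(projectId);
}

// Flawed pattern: the project is authorized, but the policy is fetched by id alone.
function updateUnscoped(policies, user, projectId, policyId, changes) {
  if (!canAccessProject(user, projectId)) return { status: 403 };
  const policy = policies.get(policyId);
  if (!policy) return { status: 404 };
  Object.assign(policy, changes);
  return { status: 200, policy };
}

// Corrected pattern: the policy must belong to the project that was authorized,
// and only allow-listed fields are writable (project_id cannot be reassigned).
function updateScoped(policies, user, projectId, policyId, changes) {
  if (!canAccessProject(user, projectId)) return { status: 403 };
  const policy = policies.get(policyId);
  if (!policy || policy.project_id !== projectId) return { status: 404 };
  for (const key of EDITABLE) {
    if (Object.prototype.hasOwnProperty.call(changes, key)) policy[key] = changes[key];
  }
  return { status: 200, policy };
}

// Regression check: alice (project 1) names project 2's policy on her own project's route.
function crossProjectWriteBlocked(handler) {
  const policies = seedPolicies();
  const before = JSON.stringify(policies.get(20));
  const res = handler(policies, "alice", 1, 20, { visibility: "public", password_required: false });
  return res.status !== 200 && JSON.stringify(policies.get(20)) === before;
}

console.log("unscoped handler blocks cross-project write:", crossProjectWriteBlocked(updateUnscoped));
console.log("scoped handler blocks cross-project write:  ", crossProjectWriteBlocked(updateScoped));
```

A check shaped like `crossProjectWriteBlocked` can be kept as a regression test for every route that takes both a project id and a child-record id.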

Technical details

Mitigation steps:

Affected products:

Chartbrew

Related links:

Related CVEs:

Related threat actors:

IOCs:

This article was created with the assistance of AI technology by Perceptive.

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

This website displays information originating from external sources; Perceptive accepts no responsibility for the accuracy, completeness or timeliness of this information.
