CVE-2026-50554Medium· 5.3▾ SunlitNote Mark: Unauthenticated disclosure of soft-deleted note metadata via deleted=true on public books
▾ Sunlit zone — Low / medium · no exploitation signal
impact 29.2 · likelihood 0 · exploitation 0
Need a working PoC? Pro members can cast a request and our team develops one — it lands right here.
Summary
GET /api/books/{bookID}/notes is an unauthenticated endpoint that accepts a "deleted" query parameter. When the request is ?deleted=true, the service runs the query with Unscoped() (bypassing GORM's soft-delete scope) but keeps the read-authorization clause as "owner_id = ? OR is_public = ?". As a result, any unauthenticated caller can enumerate the metadata of soft-deleted ("trashed") notes belonging to any public book — notes the owner explicitly deleted and expected to be removed from public view.
Affected component (code-verified)
backend/services/notes.go — GetNotesByBookID (lines 72-89):
func (s NotesService) GetNotesByBookID(currentUserID *uuid.UUID, bookID uuid.UUID, deleted bool) ([]db.Note, error) { tx := db.DB if deleted { tx = tx.Unscoped() // <-- bypasses soft-delete scope } tx = tx. Preload("Book"). Joins("JOIN books ON books.id = notes.book_id"). Where( db.DB.Where("books.id = ?", bookID), db.DB.Where("owner_id = ? OR is_public = ?", currentUserID, true), // <-- is_public still honored for trash ) if deleted { tx = tx.Where("notes.deleted_at IS NOT NULL") } var notes []db.Note return notes, dbErrorToServiceError(tx.Find(¬es).Error) }
Route registration confirms the endpoint has no AuthRequiredMiddleware (backend/handlers/notes.go:37), and the deleted flag is attacker-controlled (backend/handlers/notes.go:86 — Deleted bool with query:"deleted").
Proof of concept
Impact
Exposure of soft-deleted note metadata (title, slug, timestamps) of public books to unauthenticated actors. The note body is not exposed — the content endpoint (GetNoteContent) does not use Unscoped(), so its count query returns 0 for soft-deleted notes and yields 404. Impact is therefore limited to metadata disclosure and the bypass of the intended "delete" semantics on public books.
Remediation
Restrict trash (soft-deleted) listings to the book owner only — never honor the is_public branch when deleted=true:
func (s NotesService) GetNotesByBookID(currentUserID *uuid.UUID, bookID uuid.UUID, deleted bool) ([]db.Note, error) { tx := db.DB if deleted { tx = tx.Unscoped() }
// Soft-deleted ("trash") notes must only ever be listed to the book owner.
authz := db.DB.Where("owner_id = ? OR is_public = ?", currentUserID, true)
if deleted {
authz = db.DB.Where("owner_id = ?", currentUserID)
}
tx = tx.
Preload("Book").
Joins("JOIN books ON books.id = notes.book_id").
Where(
db.DB.Where("books.id = ?", bookID),
db.DB.Where("owner_id = ? OR is_public = ?", currentUserID, true),
authz,
)
if deleted {
tx = tx.Where("notes.deleted_at IS NOT NULL")
}
var notes []db.Note
return notes, dbErrorToServiceError(tx.Find(¬es).Error)
}
With this change, when currentUserID is nil (unauthenticated) and deleted=true, the clause becomes owner_id = NULL, which matches nothing — so trash is never exposed to anonymous callers.
Coordinated disclosure / CVE request
We have reported this privately and are happy to assist with any further validation or testing you need. If you agree this qualifies as a security vulnerability, we would be grateful if you could request a CVE ID for it — GitHub lets maintainers request a CVE directly from this advisory page once it is accepted. Thank you for your time and for maintaining note-mark.
References
github.com/enchant97/note-mark/backend < 0.0.0-20260601210758-9c9b72740f22Upgrade to a patched release:
github.com/enchant97/note-mark/backend 0.0.0-20260601210758-9c9b72740f22Connected by shared product, vendor, weakness, or advisory.
CVE-2026-50553HighNote Mark: Path traversal via unsanitized book/note slug in migrate export (sibling of GHSA-g49p)
CVE-2026-49397Medium· 5.3Nezha's private services (`EnableShowInService: false`) are enumerable via per-server endpoints, leaking name and timing data
CVE-2026-49463Medium· 6.5NL Portal: Missing per-user authorization on document and decision GraphQL queries in nl-portal-backend-libraries
CVE-2026-45048High· 8.5OpenAM Authenticated Privilege Escalation via Raw Token Disclosure Session RPC
GHSA-g936-7jqj-mwv8Critical· 9.0TSDProxy: Internal proxy auth token forwarded to backend services enables management API escalation
CVE-2026-53553High· 7.7Goploy: Arbitrary File Read via Path Traversal in /deploy/fileDiff allows Remote Server Compromise