Summary
The Knowledge Transfer API exposes a publicly accessible debug endpoint:
This endpoint can be accessed without authentication and performs database queries against the production chat_history table while operating under the privileged PostgreSQL service_role.
Because service_role bypasses Supabase Row-Level Security (RLS), the endpoint is able to retrieve records that would normally require authorization checks.
At the time of testing, returned records are serialized as Python object representations rather than actual message contents. However, the endpoint is already querying real production chat records and returning database objects to unauthenticated users. A minor serialization change, debugging update, or framework modification could immediately expose sensitive conversation data.
Additionally, verbose error responses disclose internal implementation details including SQLAlchemy exceptions, raw SQL queries, PostgreSQL role names, and Sentry identifiers.
Severity
Low (Information Disclosure / Security Misconfiguration)
The impact is limited because chat content is not currently exposed. However, the endpoint represents an unauthenticated access path into sensitive production data while RLS protections are effectively bypassed.
Proof of Concept
  1. Unauthenticated Access to Production Chat Records
Response:
{
"content": [
"<app.models.ChatHistory object at 0x7f187f1528d0>",
"<app.models.ChatHistory object at 0x7f187f152e70>"
]
}
The endpoint returns real ChatHistory objects retrieved from the production database.
  1. Evidence That Queries Run With service_role
The endpoint accepts a user-controlled role parameter.
Request:
Response:
{
"content":[ ... 10 ChatHistory rows ... ]
}
Request:
Response:
{
"content":[]
}
When queried as authenticated, Row-Level Security prevents access.
When queried as service_role, records are returned.
This demonstrates that the endpoint is executing database queries with elevated privileges that bypass RLS protections.
  1. Verbose Error Disclosure
Request:
Response excerpts:
{
"exception_type":"sqlalchemy.exc.ProgrammingError",
"errors":[
{
"detail":"asyncpg.exceptions.InsufficientPrivilegeError"
}
],
"sentry_id":"..."
}
The response exposes:
SQLAlchemy exception classes
asyncpg exception details
Raw SQL statements
PostgreSQL role names
Internal Sentry identifiers
Impact
Primary Impact
An unauthenticated user can invoke a production database query against the chat_history table using a privileged role that bypasses Row-Level Security.
Although message contents are not currently returned, the endpoint already accesses real production records and exposes database objects from a sensitive datastore.
This creates a fragile security boundary where future code changes could unintentionally expose conversation data without requiring any authentication bypass.
Secondary Impact
Verbose error responses provide attackers with:
Database role information
ORM implementation details
Backend technology stack disclosure
SQL query structures
Internal monitoring references
This information can assist targeted reconnaissance and future exploitation attempts.