Description

BlueWave Checkmate versions prior to 2.1 contain an information disclosure vulnerability in the settings API. An authenticated regular user can access the /api/v1/settings endpoint and retrieve sensitive application secrets due to insufficient authorization enforcement and incomplete masking of sensitive fields in settings responses. This allows a low-privileged user to obtain configuration values intended to be restricted to administrative access.
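
The two controls the description names, a server-side role check on the settings read and masking that covers every sensitive field, are sketched below as an added example; it is not Checkmate's code or its actual fix. The role names, setting names, sample values and helper functions are hypothetical, and JavaScript is an assumed choice of language.

```javascript
// Added example: every setting name, role and value here is a constructed assumption.
const SAFE_PATHS = new Set(["language", "timezone", "smtp.host", "smtp.port"]);
const MASK = "********";

// Build a masked copy: every leaf that is not explicitly allowlisted is masked,
// so a newly added secret is hidden by default instead of leaked by default.
function maskSettings(value, prefix = "") {
  if (value !== null && typeof value === "object" && !Array.isArray(value)) {
    const out = {};
    for (const [key, child] of Object.entries(value)) {
      out[key] = maskSettings(child, prefix ? `${prefix}.${key}` : key);
    }
    return out;
  }
  if (SAFE_PATHS.has(prefix)) return value;
  // Keep empty values as-is so an unset secret is distinguishable from a set one.
  return value === null || value === undefined || value === "" ? value : MASK;
}

// Framework-neutral handler for GET /api/v1/settings.
// `user` is the authenticated principal (or null); returns { status, body }.
function getSettings(user, settings) {
  if (!user) return { status: 401, body: { error: "authentication required" } };
  // Authorization is checked on the server for every request.
  if (user.role !== "admin") return { status: 403, body: { error: "forbidden" } };
  return { status: 200, body: maskSettings(settings) };
}

// Constructed sample data.
const SAMPLE_SETTINGS = {
  language: "en",
  timezone: "UTC",
  jwtSecret: "constructed-jwt-secret",
  smtp: { host: "mail.example.test", port: 587, password: "constructed-pw" },
  webhookToken: "constructed-token", // on no list at all: masked by default
};

// Regression check: no known secret value may appear anywhere in a response body.
function leaksSecret(response, secrets) {
  const text = JSON.stringify(response.body);
  return secrets.some((s) => text.includes(s));
}
```

Running `leaksSecret` against both a regular-user and an admin response in a test suite catches a regression in either control.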