An unauthenticated remote vulnerability in the Gaudire Assassin game exposes sensitive user information, including personal data of minors and municipal users.

The application fails to implement adequate access controls on its API and local database, allowing unauthenticated remote attackers to retrieve sensitive user data including email addresses and phone numbers.

The exposure of sensitive personal information, particularly involving minors and municipal users, creates a severe privacy and compliance risk. With a CVSS score of 9.2, this vulnerability could lead to large-scale data harvesting, resulting in reputational damage, significant legal liabilities, and potential regulatory fines related to data protection mandates.

Immediate Action: Update the Gaudire Assassin game to the latest patched version to implement proper authentication and authorization controls on the API and database.

Proactive Monitoring: Monitor API endpoints for unusual traffic patterns or unauthorized data access attempts by unauthenticated sources.

Compensating Controls: Ensure that sensitive database fields are encrypted at rest and that API access is restricted to authorized clients via robust authentication mechanisms.

Public Exploit Available: No

This vulnerability represents a critical data privacy failure. Administrators must apply the vendor patch immediately and perform a post-remediation audit to ensure that no unauthorized exfiltration of the database has occurred.