Describe the bug
Critical information disclosure vulnerability exposing development environment configuration, payment credentials (PayPal/Stripe), complete infrastructure details, and database schema through multiple publicly accessible endpoints. This allows attackers to map the entire system architecture and access sensitive configuration data.

To Reproduce
Steps to reproduce the behavior:

1. Development Environment Exposure:

   • Go to https://dev-us-west-1.aixblock.io/user/login/
   • View page source and search for "APP_SETTINGS"
   • See complete configuration including PayPal ID: AV_rPGmMFTmS-yxa7krhgGomSClhbQwo519vG6DXlOg1Zs5G4zgHJnroDinBbIWpfAsH2ei4Fs8g3REH and Stripe key: pk_test_51PLECCP6xVZQvAyiA1cTtX1hrWgkqUB5iqAGiChZ0xTFll433HMv7ap69m1kgqOs0fyxbL5ZI43Akjepi4yaPwOu00BY6kvoMf

2. Version Information Disclosure:

   • Go to https://dev-us-west-1.aixblock.io/api/version/
   • See complete software stack versions and git commit hashes exposed

3. Storage Infrastructure Enumeration:

   • Run: curl -s http://144.202.5.64:9000/secrets
   • Run: curl -s http://144.202.5.64:9000/admin
   • Run: curl -s http://144.202.5.64:9000/api-keys
   • See "Access Denied" responses confirming 13+ storage buckets exist including sensitive ones

4. Database Error Disclosure:

   • Run: curl -s "https://workflow.aixblock.io/api/v1/mcp-servers?test=aaaaaaaaaaaaaaaaaaaaaa"
   • See PostgreSQL error: "code":"22001","message":"value too long for type character varying(21)"

Expected behavior

• Development environments should not be publicly accessible
• Payment credentials should never be exposed in client-side code
• Version information should not be publicly available
• Storage infrastructure should not be enumerable
• Database errors should not expose schema details

Screenshots
Terminal output showing the exposed information:

Development Configuration:
paypalClientId: "AV_rPGmMFTmS-yxa7krhgGomSClhbQwo519vG6DXlOg1Zs5G4zgHJnroDinBbIWpfAsH2ei4Fs8g3REH"
stripePublicKey: "pk_test_51PLECCP6xVZQvAyiA1cTtX1hrWgkqUB5iqAGiChZ0xTFll433HMv7ap69m1kgqOs0fyxbL5ZI43Akjepi4yaPwOu00BY6kvoMf"
storage_server: "144.202.5.64:9000"

Version Disclosure:
{"release": "2.1.1", "aixblock-frontend": {"commit": "jac04crga6h3fvwngw3xqzsj3jvh4mtwv0d6pvzfvs34vjwq0oy911r0wa8xz7ox"}}

Storage Enumeration:
<Error><Code>AccessDenied</Code><BucketName>secrets</BucketName></Error>
<Error><Code>AccessDenied</Code><BucketName>admin</BucketName></Error>
<Error><Code>AccessDenied</Code><BucketName>api-keys</BucketName></Error>

Database Error:
{"statusCode":500,"code":"22001","message":"value too long for type character varying(21)"}

Desktop (please complete the following information):

• OS: macOS
• Browser: Chrome, Safari, Firefox (all affected)
• Version: Latest versions

Smartphone (please complete the following information):

• Device: iPhone, Android (all affected)
• OS: iOS, Android (all affected)
• Browser: Safari, Chrome (all affected)
• Version: Latest versions

Additional context
This is a comprehensive security vulnerability affecting multiple critical systems:

Business Impact:

• Payment system credentials exposed enabling potential fraud
• Complete infrastructure architecture mapped for targeted attacks
• Database schema details disclosed aiding SQL injection attempts
• 13+ storage buckets enumerated including "secrets", "admin", "api-keys"

Affected Systems:

• dev-us-west-1.aixblock.io (Development environment)
• workflow.aixblock.io (Production workflow system)
• 144.202.5.64:9000 (MinIO storage infrastructure)

Security Implications:

• Enables reconnaissance for sophisticated attacks
• Provides staging environment for exploit development
• Exposes payment processing infrastructure
• Reveals internal system architecture and versions

Recommended Immediate Actions:

1. Restrict dev environment access (IP whitelist/VPN)
2. Rotate exposed PayPal/Stripe credentials
3. Remove public version endpoints
4. Implement proper error handling
5. Secure storage bucket enumeration

Severity Assessment: CRITICAL - Multiple systems compromised with payment credential exposure