Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. In version 0.17.0, an authenticated non-admin user can retrieve the full raw Frigate configuration through "/api/config/raw". This exposes sensitive values that are intentionally redacted from "/api/config", including camera credentials, go2rtc stream credentials, MQTT passwords, proxy secrets, and any other secrets stored in "config.yml". This appears to be a broken access control issue introduced by the admin-by-default API refactor: "/api/config/raw_paths" is admin-only, but "/api/config/raw" is still accessible to any authenticated user. Version 0.17.1 contains a patch.