漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
FreeScout has Customer Edit Cross-Mailbox Email Takeover
Vulnerability Description
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.214, a low-privileged agent can edit a visible customer and add an email address already owned by a hidden customer in another mailbox. The server discloses the hidden customer’s name and profile URL in the success flash, reassigns the hidden email to the visible customer, and rebinds hidden-mailbox conversations for that email to the visible customer. Version 1.8.214 fixes the issue.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L
Vulnerability Type
通过用户控制密钥绕过授权机制
Vulnerability Title
FreeScout 安全漏洞
Vulnerability Description
FreeScout是FreeScout公司的一个使用 PHP(Laravel 框架)构建的超轻量级且功能强大的免费开源帮助台和共享收件箱。 FreeScout 1.8.214之前版本存在安全漏洞,该漏洞源于低权限代理可以编辑可见客户并添加另一个邮箱中隐藏客户已拥有的电子邮件地址,可能导致服务器在成功消息中披露隐藏客户的姓名和个人资料URL,将隐藏电子邮件重新分配给可见客户,并将该电子邮件的隐藏邮箱对话重新绑定到可见客户。
CVSS Information
N/A
Vulnerability Type
N/A