漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
FreeScout's Customer AJAX Create Modifies Hidden Existing Customer
Vulnerability Description
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.214, the Change Customer modal exposes a “Create a new customer” flow via POST /customers/ajax with action=create. Under limited visibility, the endpoint drops unique-email validation. If the supplied email already belongs to a hidden customer, Customer::create() reuses that hidden customer object and fills empty profile fields from attacker-controlled input. Version 1.8.214 fixes the vulnerability.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Vulnerability Type
通过用户控制密钥绕过授权机制
Vulnerability Title
FreeScout 安全漏洞
Vulnerability Description
FreeScout是FreeScout公司的一个使用 PHP(Laravel 框架)构建的超轻量级且功能强大的免费开源帮助台和共享收件箱。 FreeScout 1.8.214之前版本存在安全漏洞,该漏洞源于在有限可见性下,POST /customers/ajax端点中的action=create流程会丢弃唯一电子邮件验证,可能导致如果提供的电子邮件已属于隐藏客户,Customer::create会重用该隐藏客户对象并用攻击者控制的输入填充空个人资料字段。
CVSS Information
N/A
Vulnerability Type
N/A