漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
FreeScout's cross-user undo reply allows mailbox peers to recall another agent's outbound reply
Vulnerability Description
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.214, the undo-send route `GET /conversation/undo-reply/{thread_id}` checks only whether the current user can view the parent conversation. It does not verify that the current user created the reply being undone. In a shared mailbox, one agent can therefore recall another agent's just-sent reply during the 15-second undo window. Version 1.8.214 fixes the vulnerability.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:L
Vulnerability Type
授权机制缺失
Vulnerability Title
FreeScout 安全漏洞
Vulnerability Description
FreeScout是FreeScout公司的一个使用 PHP(Laravel 框架)构建的超轻量级且功能强大的免费开源帮助台和共享收件箱。 FreeScout 1.8.214之前版本存在安全漏洞,该漏洞源于GET /conversation/undo-reply/{thread_id}路由仅检查当前用户是否可以查看父对话,未验证当前用户是否创建了要撤销的回复,可能导致在共享邮箱中,一个代理可以在15秒的撤销窗口内撤销另一个代理刚刚发送的回复。
CVSS Information
N/A
Vulnerability Type
N/A