Unrated severityNVD Advisory· Published Apr 1, 2020· Updated Aug 4, 2024
CVE-2020-11465
CVE-2020-11465
Description
An issue was discovered in Deskpro before 2019.8.0. The /api/apps/* endpoints failed to properly validate a user's privilege, allowing an attacker to control/install helpdesk applications and leak current applications' configurations, including applications used as user sources (used for authentication). This enables an attacker to forge valid authentication models that resembles any user on the system.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Deskpro/Deskprodescription
- Range: <2019.8.0
Patches
Vulnerability mechanics
References
3- blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro/mitrex_refsource_MISC
- support.deskpro.com/en/news/posts/deskpro-security-update-2019-09mitrex_refsource_MISC
- support.deskpro.com/en/news/posts/deskpro-v2019-8-0-released-security-updatemitrex_refsource_MISC
News mentions
0No linked articles in our index yet.