Unrated severity · NVD Advisory · Published Apr 1, 2020 · Updated Aug 4, 2024
CVE-2020-11466
Description
An issue was discovered in Deskpro before 2019.8.0. The /api/tickets endpoint failed to properly validate a user's privilege, allowing an attacker to retrieve arbitrary information about all helpdesk tickets stored in the database, using numerous filters. This leaked sensitive information to unauthorized parties. Additionally, it leaked the ticket authentication code, making it possible to make changes to a ticket.
Affected products
- Deskpro/Deskpro
- Range: <2019.8.0
References
- blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro/ (mitre, x_refsource_MISC)
- support.deskpro.com/en/news/posts/deskpro-security-update-2019-09 (mitre, x_refsource_MISC)
- support.deskpro.com/en/news/posts/deskpro-v2019-8-0-released-security-update (mitre, x_refsource_MISC)