Ekassos

**Name of the Vulnerable Software and Affected Versions** PingPong versions prior to 7.27.2 **Description** PingPong is a platform designed for utilizing large language models (LLMs) in educational settings. An authenticated user could potentially retrieve or delete files beyond their authorized access scope. This could lead to the unauthorized access or removal of private files, including those uploaded by users and those generated by the model. Exploitation requires user authentication and specific permissions: viewing at least one thread is needed for retrieval, and participation in at least one thread is needed for deletion. **Recommendations** Versions prior to 7.27.2 should be updated to version 7.27.2.