PT-2023-22658 · Unknown · Helpdezk Community

David Utón Amaya

Publicado

2023-10-04

Atualizado

2023-10-05

CVE-2023-3037

CVSS v3.1

8.6

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

Name of the Vulnerable Software and Affected Versions HelpDezk Community version 1.1.10

Description The issue is related to improper authorization, allowing a remote attacker to access the platform without authentication. This could lead to the retrieval of personal data via the jsonGrid parameter.

Recommendations For version 1.1.10, consider restricting access to the jsonGrid parameter until a patch is available. As a temporary workaround, disabling the feature that utilizes the jsonGrid parameter may help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Authorization

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-285

Identificadores relacionados

CVE-2023-3037

Produtos afetados

Helpdezk Community

PT-2023-22658 · Unknown · Helpdezk Community

CVE-2023-3037

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6