Aerowithanl

**Name of the Vulnerable Software and Affected Versions** Rasa Pro versions prior to 3.9.20 Rasa Pro versions prior to 3.10.19 Rasa Pro versions prior to 3.11.7 Rasa Pro versions prior to 3.12.6 **Description** A vulnerability has been identified in Rasa Pro where voice connectors do not properly implement authentication even when a token is configured in the `credentials.yml` file. This could allow an attacker to submit voice data to the Rasa Pro assistant from an unauthenticated source. **Recommendations** For versions prior to 3.9.20, update to version 3.9.20 or later to resolve the issue. For versions prior to 3.10.19, update to version 3.10.19 or later to resolve the issue. For versions prior to 3.11.7, update to version 3.11.7 or later to resolve the issue. For versions prior to 3.12.6, update to version 3.12.6 or later to resolve the issue. As a temporary workaround, consider restricting access to voice connectors until a patch is applied.