Nuiifornet

**Name of the Vulnerable Software and Affected Versions** Bugsink versions prior to 2.2.0 **Description** Bugsink is a self-hosted error tracking tool. A project-boundary authorization issue exists where issue event pages accept a direct event identifier from the URL and retrieve the event without verifying that it belongs to the issue specified in the URL. This allows an authenticated user with access to one project to view event data from another project through an issue they are authorized to access. The affected views include the stacktrace, details, and breadcrumbs pages. Exploitation requires the attacker to possess a valid target event UUID, as there is no path for event enumeration and guessing UUIDs is impractical. **Recommendations** Update to version 2.2.0.