Unknown · Freescout End-User Portal · CVE-2023-52268
**Name of the Vulnerable Software and Affected Versions**
FreeScout End-User Portal module versions prior to 1.0.65
**Description**
The issue allows an attacker to authenticate as an arbitrary user because a session token can be sent to the "/auth" endpoint.
**Recommendations**
For versions prior to 1.0.65, update to version 1.0.65 or later to resolve the issue.
As a temporary workaround, consider restricting access to the "/auth" endpoint until a patch is available.