Ywarnier

Name of the Vulnerable Software and Affected Versions: Chamilo-lms versions 1.11.8 and earlier Description: The issue is related to an Incorrect Access Control vulnerability in the Tickets component. This allows an authenticated user to read all tickets available on the platform due to a lack of access controls. The vulnerability can be exploited via the `ticket id` variable. Recommendations: For versions 1.11.8 and earlier, update to a version of Chamilo-lms that includes the fix committed after 33e2692a37b5b6340cf5bec1a84e541460983c03. As a temporary workaround, consider restricting access to the Tickets component to minimize the risk of exploitation.