CVE-2020-11464

Name of the Vulnerable Software and Affected Versions Deskpro versions prior to 2019.8.0

Description An issue was discovered where the "/api/people" endpoint failed to properly validate a user's privilege. This allowed an attacker to retrieve sensitive information about all users registered on the system, including their full name, privilege, email address, phone number, etc.

Recommendations For versions prior to 2019.8.0, update to version 2019.8.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the "/api/people" endpoint to minimize the risk of exploitation.