PT-2020-14078 · Tendenci · Tendenci

Misakikata · Published 2020-06-21 · Updated 2026-02-17 · CVE-2020-14942

CVSS v4.0: 9.3 (Critical)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: Tendenci version 12.0.10
Description: The issue is unrestricted deserialization in the staff.py file located in apps/helpdesk/views/. Because nothing restricts what may be deserialized, untrusted input reaching this code path could be used for malicious activity such as code injection. No information is available on the number of potentially affected installations or on real-world incidents in which this issue was exploited.
Recommendations: For Tendenci version 12.0.10, restrict or disable the deserialization functionality in staff.py until a proper fix is available. As a temporary workaround, limiting access to the apps/helpdesk/views/staff.py module reduces the exposure. At the moment there is no information about a newer version that contains a fix for this vulnerability.
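The advisory does not say which serializer staff.py uses. The following is an added example, not Tendenci's code, written on the assumption that the deserialization is Python's pickle module, the usual source of this weakness class in Python applications. It shows the two defensive options the recommendation points at: an unpickler that resolves only an allowlisted set of globals (a stop-gap for code that must keep reading pickles), and a JSON-based replacement that validates a saved helpdesk filter against a fixed key set (the preferred fix). The names SAFE_GLOBALS, ALLOWED_FILTERS, restricted_loads, load_filter_json and check_samples, and the filter keys themselves, are assumptions of this example.

```python
import io
import json
import pickle

# Added example, not Tendenci's code. Assumes the deserialization in
# staff.py is Python pickle (the advisory does not name the serializer).

# Allowlist of (module, name) pairs the unpickler may resolve. Plain
# containers (dict, list, tuple, str, int, ...) need no global lookup at
# all; anything else, including every callable, is refused.
SAFE_GLOBALS = {
    ("builtins", "set"),
    ("builtins", "frozenset"),
}


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that refuses every global not listed in SAFE_GLOBALS."""

    def find_class(self, module, name):
        if (module, name) in SAFE_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"refusing to resolve {module}.{name}")


def restricted_loads(data: bytes):
    """Drop-in replacement for pickle.loads() on data of uncertain origin."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


# Preferred fix: do not pickle user-controlled state at all. A saved
# helpdesk filter is plain data, so JSON plus schema validation suffices.
ALLOWED_FILTERS = {"status", "priority", "assigned_to", "sorting"}  # hypothetical keys


def _is_scalar(value) -> bool:
    # bool is a subclass of int in Python, so exclude it explicitly.
    return isinstance(value, (str, int)) and not isinstance(value, bool)


def load_filter_json(raw: str) -> dict:
    """Parse a saved filter from JSON, accepting only known keys and simple values."""
    obj = json.loads(raw)
    if not isinstance(obj, dict):
        raise ValueError("saved filter must be a JSON object")
    clean = {}
    for key, value in obj.items():
        if key not in ALLOWED_FILTERS:
            raise ValueError(f"unknown filter key {key!r}")
        ok = _is_scalar(value) or (
            isinstance(value, list) and all(_is_scalar(v) for v in value)
        )
        if not ok:
            raise ValueError(f"unsupported value for {key!r}")
        clean[key] = value
    return clean


def check_samples() -> dict:
    """Run both loaders on constructed inputs and report the outcomes."""
    import datetime

    plain = pickle.dumps({"status": [1, 2], "sorting": "created"})  # constructed
    # Pickling a datetime.date emits a GLOBAL reference to datetime.date; it
    # stands in here for any object the application never intended to load.
    with_global = pickle.dumps(datetime.date(2020, 6, 21))  # constructed
    try:
        restricted_loads(with_global)
        global_rejected = False
    except pickle.UnpicklingError:
        global_rejected = True
    try:
        load_filter_json('{"unexpected": 1}')  # constructed
        unknown_key_rejected = False
    except ValueError:
        unknown_key_rejected = True
    return {
        "plain_roundtrip": restricted_loads(plain),
        "global_rejected": global_rejected,
        "json_ok": load_filter_json('{"status": ["open"], "priority": 2}'),
        "json_unknown_key_rejected": unknown_key_rejected,
    }


if __name__ == "__main__":
    print(check_samples())
```

The allowlisted unpickler is a containment measure, not a cure: it blocks any pickle that has to resolve a global, which is what code-injection payloads rely on, but the safer course is to stop accepting pickled input from clients and carry the state as validated JSON instead.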

Weakness Enumeration

Deserialization of Untrusted Data
Code Injection

Related Identifiers

CVE-2020-14942
GHSA-339M-4QW5-J2G3
GHSA-JQMC-FXXP-R589
PYSEC-2020-112

Affected Products

Tendenci