CVE-2022-45180

Name of the Vulnerable Software and Affected Versions LIVEBOX Collaboration vDesk versions through v018

Description An issue exists due to Broken Access Control under the "/api/v1/vdesk {DOMAIN}/export" endpoint. A malicious user, authenticated to the product without any specific privilege, can use the API for exporting information about all users of the system, an operation intended to only be available to the system administrator.

Recommendations For versions through v018, as a temporary workaround, consider restricting access to the "/api/v1/vdesk {DOMAIN}/export" endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.