PT-2023-22658 · Unknown · Helpdezk Community

David Utón Amaya

Published

2023-10-04

Updated

2023-10-05

CVE-2023-3037

CVSS v3.1

8.6

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

Name of the Vulnerable Software and Affected Versions HelpDezk Community version 1.1.10

Description The issue is related to improper authorization, allowing a remote attacker to access the platform without authentication. This could lead to the retrieval of personal data via the jsonGrid parameter.

Recommendations For version 1.1.10, consider restricting access to the jsonGrid parameter until a patch is available. As a temporary workaround, disabling the feature that utilizes the jsonGrid parameter may help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-285

Related Identifiers

CVE-2023-3037

Affected Products

Helpdezk Community

PT-2023-22658 · Unknown · Helpdezk Community

CVE-2023-3037

Weakness Enumeration

Related Identifiers

Affected Products

References · 6