PT-2023-31801 · Unknown · Sandbox Accounts For Events

Mahmoud0X00 · Published 2023-12-22 · Updated 2024-01-04

CVE-2023-51386

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Sandbox Accounts for Events versions prior to 1.10.0

Description: The issue allows authenticated users to potentially read data from the events table by sending request payloads to the "events API", collecting information on planned events, timeframes, budgets, and owner email addresses. This data access may allow users to gain insight into upcoming events and to join events to which they have not been invited.

Recommendations: For versions prior to 1.10.0, update to version 1.10.0 to resolve the issue. As a temporary workaround, consider restricting access to the "events API" to minimize the risk of exploitation. Avoid using the events API to collect sensitive information until the issue is resolved.
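The authorization gap described above, modelled as an added example (constructed code, not the project's own handler): the "before" handler gates the events table on authentication only and applies nothing but the client's request payload as a filter, while the "after" handler derives a per-caller authorization filter first, so a payload can only narrow the set the caller is already allowed to see. The table rows, the caller addresses and the operator group are all assumptions.

```python
# Constructed sample of an "events" table with the fields the advisory names:
# planned event, timeframe, budget and owner email address.
EVENTS = [
    {"id": "evt-1", "name": "Cloud workshop", "start": "2024-02-01",
     "end": "2024-02-01", "budget": 500, "owner": "alice@example.com"},
    {"id": "evt-2", "name": "Security bootcamp", "start": "2024-03-10",
     "end": "2024-03-12", "budget": 2000, "owner": "bob@example.com"},
]
# Hypothetical privileged group that is allowed to see every event.
OPERATORS = {"ops@example.com"}


def _require_authenticated(caller):
    if not caller:
        raise PermissionError("unauthenticated")


def list_events_before(caller, payload=None):
    """Before: authentication is the only gate. The client-supplied payload
    (here an optional {"ids": [...]} selector) is the only filter applied, so
    any signed-in user can read every row, including other owners' budgets
    and email addresses."""
    _require_authenticated(caller)
    rows = EVENTS
    if payload and "ids" in payload:
        rows = [e for e in rows if e["id"] in payload["ids"]]
    return [dict(e) for e in rows]


def list_events_after(caller, payload=None):
    """After: an authorization filter derived from the caller's identity is
    applied first; the client payload can only narrow that set further."""
    _require_authenticated(caller)
    if caller in OPERATORS:
        rows = EVENTS
    else:
        rows = [e for e in EVENTS if e["owner"] == caller]
    if payload and "ids" in payload:
        rows = [e for e in rows if e["id"] in payload["ids"]]
    return [dict(e) for e in rows]


def leaked_owner_emails(rows, caller):
    """Audit helper: owner addresses in a response that belong to someone
    other than the caller, i.e. the data the advisory says is exposed."""
    return sorted({e["owner"] for e in rows if e["owner"] != caller})
```

Running the same payload through both handlers for an uninvited caller shows the "before" response carrying every owner address while the "after" response is empty; the audit helper is the kind of check to run against API responses when verifying the fix or the interim access restriction.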


Weakness Enumeration

Improper Privilege Management

Related Identifiers

CVE-2023-51386
GHSA-P7W3-J66H-M7MX

Affected Products

Sandbox Accounts For Events