PT-2024-19710 · Open Xchange Gmbh+1 · Ox App Suite

Published: 2024-05-06 · Updated: 2025-04-10 · CVE-2024-23193

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Software (affected versions not specified)

Description

The issue arises from E-Mails being exported as PDF and stored in a cache that does not consider specific session information for the related user account. This allows users of the same service node to access other users' E-Mails for a brief moment until caches are cleared, provided they have good timing and modify multiple request parameters. The cache for PDF exports has been updated to take user session information into consideration when performing authorization decisions.

Recommendations

Please deploy the provided updates and patch releases to resolve the issue. At the moment, there is no information about a specific version that contains a fix for this vulnerability.
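
The cache weakness described above, shown as an added illustration for reviewers auditing similar export caches; this is not Open-Xchange code. The Session model, the params tuple and both class names are hypothetical, and the sample values are constructed.

```python
import hmac
import time
from dataclasses import dataclass

@dataclass(frozen=True)
class Session:                      # hypothetical session model
    user_id: str
    session_id: str

class UnboundPdfCache:
    """Flawed pattern: the key is built from request parameters only."""
    def __init__(self):
        self._store = {}
    def put(self, session, params, pdf):
        self._store[params] = pdf
    def get(self, session, params):
        return self._store.get(params)   # caller's session is never consulted

class SessionBoundPdfCache:
    """Corrected pattern: entries are scoped to, and checked against, the session."""
    def __init__(self, ttl=30.0, clock=time.monotonic):
        self._store, self._ttl, self._clock = {}, ttl, clock
    def _key(self, session, params):
        return (session.user_id, session.session_id, params)
    def put(self, session, params, pdf):
        expires = self._clock() + self._ttl
        self._store[self._key(session, params)] = (session, pdf, expires)
    def get(self, session, params):
        key = self._key(session, params)
        entry = self._store.get(key)
        if entry is None:
            return None
        owner, pdf, expires = entry
        if self._clock() >= expires:     # short lifetime limits exposure
            del self._store[key]
            return None
        # Authorization on read: the stored owner must match the caller.
        if not hmac.compare_digest(owner.session_id, session.session_id):
            return None
        return pdf

def demo():
    """Same constructed request parameters, two different sessions."""
    alice = Session("alice", "s-alice-constructed")
    bob = Session("bob", "s-bob-constructed")
    params = ("export", "pdf", "42")     # constructed placeholder parameters
    results = {}
    for name, cache in (("unbound", UnboundPdfCache()), ("bound", SessionBoundPdfCache())):
        cache.put(alice, params, b"%PDF alice mail")
        results[name] = (cache.get(alice, params), cache.get(bob, params))
    return results
```
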

Fix

Information Disclosure

Session Fixation

Weakness Enumeration

Related Identifiers

CVE-2024-23193

Affected Products

Ox App Suite