CVE-2024-28186

Name of the Vulnerable Software and Affected Versions FreeScout versions prior to 1.8.124

Description A vulnerability has been identified in the FreeScout Application, which exposes SMTP server credentials used by an organization in the application to users of the application. This issue arises from the application storing complete stack traces of exceptions in its database. The sensitive information is then inadvertently disclosed to users via the "/conversation/ajax-html/send log?folder id=&thread id={id}" endpoint. The stack trace reveals the value of parameters, including the username and password, passed to the Swift Transport Esmtp Auth LoginAuthenticator->authenticate() function. Exploiting this vulnerability allows an attacker to gain unauthorized access to SMTP server credentials. With this sensitive information in hand, the attacker can potentially send unauthorized emails from the compromised SMTP server, posing a severe threat to the confidentiality and integrity of email communications.

Recommendations For versions prior to 1.8.124, upgrade to version 1.8.124 or later. As a temporary workaround, consider avoiding the storage of complete stack traces, implementing redaction mechanisms to filter and exclude sensitive information, and reviewing and enhancing the application's logging practices. Restrict access to the "/conversation/ajax-html/send log?folder id=&thread id={id}" endpoint to minimize the risk of exploitation. Avoid using the username and password parameters in the affected API endpoint until the issue is resolved.