PT-2024-31402 · Unknown · Ringer Server

Superior126 · Published 2024-09-04 · Updated 2024-09-05 · CVE-2024-45050

CVSS v3.1: 7.1 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Ringer server versions prior to 1.3.1

Description

The messages loading route in the Ringer server does not verify that the user loading a conversation is actually a member of that conversation. As a result, any user with a Lif Account can load any conversation between two users without permission. The issue is fixed in version 1.3.1.

Recommendations

If you run a version prior to 1.3.1, update to version 1.3.1 or later. As a temporary workaround, consider restricting access to the messages loading route until the patch is applied.
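
The missing check described above, shown as an added example that is not Ringer's own code: the unchecked loader trusts any authenticated user, and the checked one authorizes against the conversation's member list. All names here (`CONVERSATIONS`, `load_messages`, `Forbidden`, the user and conversation IDs) are hypothetical, and the data is constructed.

```python
"""Added example: membership check for a message-loading route (hypothetical names)."""
from dataclasses import dataclass, field


class Forbidden(Exception):
    """Maps to one HTTP error for both 'no such conversation' and 'not a member'."""


@dataclass
class Conversation:
    members: frozenset
    messages: list = field(default_factory=list)


# Constructed sample data: one conversation between two users.
CONVERSATIONS = {
    "conv-1": Conversation(frozenset({"alice", "bob"}), ["hi bob", "hi alice"]),
}


def load_messages_unchecked(user, conversation_id):
    # Pattern described in the advisory: the caller is authenticated,
    # but membership in the conversation is never verified.
    return list(CONVERSATIONS[conversation_id].messages)


def load_messages(user, conversation_id):
    # Authorize against the conversation's member list before returning data.
    conv = CONVERSATIONS.get(conversation_id)
    if conv is None or user not in conv.members:
        # Same error for missing and foreign conversations, so the route
        # does not confirm which conversation IDs exist.
        raise Forbidden("conversation not available")
    return list(conv.messages)


def can_read(user, conversation_id):
    """Regression-test helper: True only if the checked route returns data."""
    try:
        load_messages(user, conversation_id)
        return True
    except Forbidden:
        return False
```

A regression test for this class of bug should always include a third authenticated user who is not a member of the conversation, since tests that use only the two participants pass against both loaders.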

Exploit

Fix

Weakness Enumeration

Missing Authorization

Related Identifiers

CVE-2024-45050
GHSA-CPC7-79CG-QV65

Affected Products

Ringer Server