PT-2024-40044 · Neos · Neos

Published: 2024-05-17 · Updated: 2024-05-17

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Neos (affected versions not specified)

Description: The issue allows unauthorized access to internal workspaces in Neos without authentication. Internal workspaces, which are non-public and have no owner, can be viewed by anyone who knows the full workspace name, including the unique hash that forms part of it. The impact is somewhat mitigated because there is no default internal workspace, so only user-created workspaces are affected. To exploit the issue, an attacker would need to obtain the workspace name, including the hash; this could be done through brute force or educated guesses, although it is not a trivial task.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

GHSA-3C5G-73F7-GRVM

Affected Products

Neos