Name of the Vulnerable Software and Affected Versions: Neos (affected versions not specified)

Description: The issue allows unauthorized access to internal workspaces in Neos without authentication. This means that internal workspaces, which are non-public and do not have an owner, can be viewed by anyone who knows the workspace name, including a unique hash. The impact is somewhat mitigated because there is no default internal workspace, and an attacker would need to guess or brute-force the workspace name, which includes a hash. The issue only allows reading of internal workspaces, not writing.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.