PT-2025-23247 · Freescout · Freescout

Artem Danilov +5 · Published 2025-05-13 · Updated 2025-06-04 · CVE-2025-48481

CVSS v3.1: 9.8
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions:

FreeScout versions prior to 1.8.180

Description:

An attacker who holds an unactivated email invitation containing the `invite hash` can self-activate the invited account, even if that account has been blocked or deleted. The invitation link from the email is what gives the attacker initial access to the account.

Recommendations:

Update versions prior to 1.8.180 to version 1.8.180 to resolve the issue. As a temporary workaround until the update is applied, consider restricting access to the invitation link from unactivated email invitations.
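A minimal model of the flaw class described above, next to one way to enforce the missing account-state check on the server side. This is an added example, not FreeScout's code or its patch; `User`, `Status`, `activate_flawed`, `activate_checked` and `revoke` are hypothetical names, and the sample token and address are constructed.

```python
import hmac
from dataclasses import dataclass
from enum import Enum

class Status(Enum):
    PENDING = "pending"  # invited, not yet activated
    ACTIVE = "active"
    BLOCKED = "blocked"
    DELETED = "deleted"

@dataclass
class User:
    email: str
    status: Status
    invite_hash: str = ""  # one-time token from the invitation link; empty once used or revoked

def find_by_hash(users, presented):
    """Return the user owning the presented invite hash (constant-time compare)."""
    for user in users:
        if user.invite_hash and hmac.compare_digest(user.invite_hash, presented):
            return user
    return None

def activate_flawed(users, presented):
    """Flaw class from the advisory: the token alone decides, account state is ignored."""
    user = find_by_hash(users, presented)
    if user is None:
        return False
    user.status = Status.ACTIVE  # a blocked or deleted account becomes usable again
    return True

def activate_checked(users, presented):
    """Hardened: only a still-pending invitation may activate, and only once."""
    user = find_by_hash(users, presented)
    if user is None or user.status is not Status.PENDING:
        return False
    user.status = Status.ACTIVE
    user.invite_hash = ""  # single use
    return True

def revoke(user, new_status):
    """Blocking or deleting an account also invalidates its outstanding invitation."""
    user.status, user.invite_hash = new_status, ""

def demo():
    # Constructed sample: an account that was blocked before its invitation was used.
    token = "c0ffee" * 4
    make = lambda: [User("a@example.test", Status.BLOCKED, token)]
    return activate_flawed(make(), token), activate_checked(make(), token)
```

`demo()` shows the same stale token accepted by the flawed handler and refused by the checked one; `revoke` covers the case where the block or delete action itself should kill the link.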

Related Identifiers

BDU:2025-06957
CVE-2025-48481
GHSA-JGJ2-X749-5WC7

Affected Products

Freescout