Lucene search

MitreCVELIST:CVE-2020-11464

HistoryApr 01, 2020 - 8:51 p.m.

CVE-2020-11464

2020-04-0120:51:54

mitre

www.cve.org

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

4.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

32.4%

JSON

An issue was discovered in Deskpro before 2019.8.0. The /api/people endpoint failed to properly validate a user’s privilege, allowing an attacker to retrieve sensitive information about all users registered on the system. This includes their full name, privilege, email address, phone number, etc.

References

blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro/

support.deskpro.com/en/news/posts/deskpro-security-update-2019-09

support.deskpro.com/en/news/posts/deskpro-v2019-8-0-released-security-update

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

4.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

32.4%

JSON

Related for CVELIST:CVE-2020-11464