CVE-2020-11463
First published: Wed Apr 01 2020(Updated: )
An issue was discovered in Deskpro before 2019.8.0. The /api/email_accounts endpoint failed to properly validate a user's privilege, allowing an attacker to retrieve cleartext credentials of all helpdesk email accounts, including incoming and outgoing email credentials. This enables an attacker to get full access to all emails sent or received by the system including password reset emails, making it possible to reset any user's password.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Deskpro Deskpro | <2019.8.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-11463?
CVE-2020-11463 is a vulnerability in Deskpro before version 2019.8.0 that allows an attacker to retrieve cleartext credentials of all helpdesk email accounts.
What is the severity of CVE-2020-11463?
The severity of CVE-2020-11463 is high with a CVSS score of 7.5.
How does CVE-2020-11463 affect Deskpro?
CVE-2020-11463 affects Deskpro versions before 2019.8.0.
How can an attacker exploit CVE-2020-11463?
An attacker can exploit CVE-2020-11463 by accessing the /api/email_accounts endpoint to retrieve cleartext credentials of helpdesk email accounts.
Is there a fix for CVE-2020-11463?
Yes, a fix for CVE-2020-11463 is available in Deskpro version 2019.8.0 and later.
- collector/nvd-index
- agent/weakness
- agent/references
- agent/severity
- agent/tags
- agent/author
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- vendor/deskpro
- canonical/deskpro deskpro