CVE-2020-11464
First published: Wed Apr 01 2020(Updated: )
An issue was discovered in Deskpro before 2019.8.0. The /api/people endpoint failed to properly validate a user's privilege, allowing an attacker to retrieve sensitive information about all users registered on the system. This includes their full name, privilege, email address, phone number, etc.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Deskpro Deskpro | <2019.8.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-11464?
CVE-2020-11464 is a vulnerability discovered in Deskpro before version 2019.8.0.
What is the impact of CVE-2020-11464?
The impact of CVE-2020-11464 is that an attacker can retrieve sensitive information about all users registered on the system, including their full name, privilege, email address, phone number, etc.
How can an attacker exploit CVE-2020-11464?
An attacker can exploit CVE-2020-11464 by making requests to the /api/people endpoint of Deskpro and bypassing user privilege validation.
How can I fix CVE-2020-11464?
To fix CVE-2020-11464, it is recommended to upgrade Deskpro to version 2019.8.0 or later.
Where can I find more information about CVE-2020-11464?
You can find more information about CVE-2020-11464 in the references provided: [Reference 1], [Reference 2], [Reference 3].
- collector/nvd-index
- vendor/deskpro
- canonical/deskpro deskpro