First published: Wed Apr 01 2020
An issue was discovered in Deskpro before 2019.8.0. The /api/people endpoint failed to properly validate a user's privilege, allowing an attacker to retrieve sensitive information about all users registered on the system. This includes their full name, privilege, email address, phone number, etc.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Deskpro Deskpro | <2019.8.0 | |
CVE-2020-11464 is a vulnerability affecting Deskpro versions before 2019.8.0.
The impact of CVE-2020-11464 is that an attacker can retrieve sensitive information about all users registered on the system, including their full name, privilege, email address, phone number, etc.
An attacker can exploit CVE-2020-11464 by sending requests to Deskpro's /api/people endpoint, which fails to properly validate the requesting user's privilege.
To fix CVE-2020-11464, it is recommended to upgrade Deskpro to version 2019.8.0 or later.