CVE-2020-2500
First published: Wed Jul 01 2020(Updated: )
This improper access control vulnerability in Helpdesk allows attackers to get control of QNAP Kayako service. Attackers can access the sensitive data on QNAP Kayako server with API keys. We have replaced the API key to mitigate the vulnerability, and already fixed the issue in Helpdesk 3.0.1 and later versions.
Credit: security@qnapsecurity.com.tw
| Affected Software | Affected Version | How to fix |
|---|---|---|
| QNAP Helpdesk | <3.0.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-2500?
The severity of CVE-2020-2500 is critical.
How does the vulnerability in Helpdesk allow attackers to gain control?
The vulnerability in Helpdesk allows attackers to gain control of the QNAP Kayako service and access sensitive data on the QNAP Kayako server with API keys.
Has the vulnerability been mitigated?
Yes, the vulnerability has been mitigated by replacing the API key.
Which version of Helpdesk fixes the vulnerability?
The vulnerability has been fixed in Helpdesk version 3.0.1 and later.
Where can I find more information about CVE-2020-2500?
You can find more information about CVE-2020-2500 at the following link: [https://www.qnap.com/zh-tw/security-advisory/qsa-20-03](https://www.qnap.com/zh-tw/security-advisory/qsa-20-03).
- collector/nvd-index
- agent/references
- agent/type
- agent/weakness
- agent/severity
- agent/author
- agent/description
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/qnap
- canonical/qnap helpdesk