Описание
The End-User Portal module before 1.0.65 for FreeScout sometimes allows an attacker to authenticate as an arbitrary user because a session token can be sent to the /auth endpoint. NOTE: this module is not part of freescout-helpdesk/freescout on GitHub.
EPSS
Процентиль: 65%
0.00497
Низкий
9.1 Critical
CVSS3
Дефекты
CWE-384
Связанные уязвимости
CVSS3: 9.1
github
около 1 года назад
The End-User Portal module before 1.0.65 for FreeScout sometimes allows an attacker to authenticate as an arbitrary user because a session token can be sent to the /auth endpoint. NOTE: this module is not part of freescout-helpdesk/freescout on GitHub.
EPSS
Процентиль: 65%
0.00497
Низкий
9.1 Critical
CVSS3
Дефекты
CWE-384