An issue exists in Deskpro prior to 2019.8.0. The /api/people endpoint failed to properly validate a user's privilege, allowing an malicious user to retrieve sensitive information about all users registered on the system. This includes their full name, privilege, email address, phone number, etc.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
deskpro deskpro |