References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

Known Affected Software Configurations Switch to CPE 2.2

Change History

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

NVD-CWE-noinfo

OR
          *cpe:2.3:a:freescout:freescout:*:*:*:*:*:*:*:* versions up to (excluding) 1.8.180

GitHub, Inc.: https://github.com/freescout-help-desk/freescout/commit/d2048f59a899dbcfc9a71bb98549ead81cdb62a5 Types: Patch

GitHub, Inc.: https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-fqjj-79j2-8qx6 Types: Exploit, Vendor Advisory

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, insufficient input validation during user creation has resulted in a mass assignment vulnerability, allowing an attacker to manipulate all fields of the object, which are enumerated in the $fillable array (the User object), when creating a new user. This issue has been patched in version 1.8.180.

AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-841

https://github.com/freescout-help-desk/freescout/commit/d2048f59a899dbcfc9a71bb98549ead81cdb62a5

https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-fqjj-79j2-8qx6