CVE-2024-28186

{"id": "CVE-2024-28186", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 4.2, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 4.2, "exploitabilityScore": 2.8}]}, "published": "2024-03-12T20:15:08.503", "references": [{"url": "https://github.com/freescout-helpdesk/freescout/commit/33639a89554998dcac645613130a27ac7872605e", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/freescout-helpdesk/freescout/security/advisories/GHSA-7wcq-2qmv-mvcm", "tags": ["Exploit", "Vendor Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/freescout-helpdesk/freescout/commit/33639a89554998dcac645613130a27ac7872605e", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/freescout-helpdesk/freescout/security/advisories/GHSA-7wcq-2qmv-mvcm", "tags": ["Exploit", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-532"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-532"}]}], "descriptions": [{"lang": "en", "value": "FreeScout is an open source help desk and shared inbox built with PHP.\n\nA vulnerability has been identified in the Free Scout Application, which exposes SMTP server credentials used by an organization in the application to users of the application. This issue arises from the application storing complete stack traces of exceptions in its database. The sensitive information is then inadvertently disclosed to users via the `/conversation/ajax-html/send_log?folder_id=&thread_id={id}` endpoint. The stack trace reveals value of parameters, including the username and password, passed to the `Swift_Transport_Esmtp_Auth_LoginAuthenticator->authenticate()` function. Exploiting this vulnerability allows an attacker to gain unauthorized access to SMTP server credentials. With this sensitive information in hand, the attacker can potentially send unauthorized emails from the compromised SMTP server, posing a severe threat to the confidentiality and integrity of email communications. This could lead to targeted attacks on both the application users and the organization itself, compromising the security of email exchange servers. This issue has been addressed in version 1.8.124. Users are advised to upgrade. Users unable to upgrade should adopt the following measures: 1. Avoid Storing Complete Stack Traces, 2. Implement redaction mechanisms to filter and exclude sensitive information, and 3. Review and enhance the application's logging practices."}, {"lang": "es", "value": "FreeScout es una mesa de ayuda de c\u00f3digo abierto y una bandeja de entrada compartida creada con PHP. Se ha identificado una vulnerabilidad en la aplicaci\u00f3n Free Scout, que expone las credenciales del servidor SMTP utilizadas por una organizaci\u00f3n en la aplicaci\u00f3n a los usuarios de la aplicaci\u00f3n. Este problema surge cuando la aplicaci\u00f3n almacena seguimientos completos de excepciones en su base de datos. Luego, la informaci\u00f3n confidencial se divulga inadvertidamente a los usuarios a trav\u00e9s del endpoint `/conversation/ajax-html/send_log?folder_id=&thread_id={id}`. El seguimiento de la pila revela el valor de los par\u00e1metros, incluidos el nombre de usuario y la contrase\u00f1a, pasados a la funci\u00f3n `Swift_Transport_Esmtp_Auth_LoginAuthenticator->authenticate()`. La explotaci\u00f3n de esta vulnerabilidad permite a un atacante obtener acceso no autorizado a las credenciales del servidor SMTP. Con esta informaci\u00f3n confidencial en la mano, el atacante puede potencialmente enviar correos electr\u00f3nicos no autorizados desde el servidor SMTP comprometido, lo que representa una grave amenaza para la confidencialidad y la integridad de las comunicaciones por correo electr\u00f3nico. Esto podr\u00eda dar lugar a ataques dirigidos tanto a los usuarios de la aplicaci\u00f3n como a la propia organizaci\u00f3n, comprometiendo la seguridad de los servidores de intercambio de correo electr\u00f3nico. Este problema se solucion\u00f3 en la versi\u00f3n 1.8.124. Se recomienda a los usuarios que actualicen. Los usuarios que no puedan actualizar deben adoptar las siguientes medidas: 1. Evitar almacenar seguimientos de pila completos, 2. Implementar mecanismos de redacci\u00f3n para filtrar y excluir informaci\u00f3n confidencial, y 3. Revisar y mejorar las pr\u00e1cticas de registro de la aplicaci\u00f3n."}], "lastModified": "2025-01-10T15:01:40.657", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:freescout:freescout:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9ED5EBAE-A7D6-40EC-AD9B-A295E74603F9", "versionEndExcluding": "1.8.124"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}