freescout up to 1.8.123 send_log?folder_id=&thread_id= log file
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 6.1 | $0-$5k | 0.00 |
Summary
A vulnerability was found in freescout up to 1.8.123. It has been declared as problematic. This issue affects some unknown processing of the file /conversation/ajax-html/send_log?folder_id=&thread_id=. Manipulation can lead to the insertion of sensitive information into a log file. This vulnerability is tracked as CVE-2024-28186. The attack can be launched remotely. No exploit exists. It is recommended to upgrade the affected component.
Details
A vulnerability has been found in freescout up to 1.8.123 and classified as problematic. This vulnerability affects some unknown processing of the file /conversation/ajax-html/send_log?folder_id=&thread_id=. The manipulation with an unknown input leads to a log file vulnerability. The CWE definition for the vulnerability is CWE-532. Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information. As an impact it is known to affect confidentiality. CVE summarizes:
FreeScout is an open source help desk and shared inbox built with PHP. A vulnerability has been identified in the Free Scout Application, which exposes SMTP server credentials used by an organization in the application to users of the application. This issue arises from the application storing complete stack traces of exceptions in its database. The sensitive information is then inadvertently disclosed to users via the `/conversation/ajax-html/send_log?folder_id=&thread_id={id}` endpoint. The stack trace reveals the values of parameters, including the username and password, passed to the `Swift_Transport_Esmtp_Auth_LoginAuthenticator->authenticate()` function. Exploiting this vulnerability allows an attacker to gain unauthorized access to SMTP server credentials. With this sensitive information in hand, the attacker can potentially send unauthorized emails from the compromised SMTP server, posing a severe threat to the confidentiality and integrity of email communications. This could lead to targeted attacks on both the application users and the organization itself, compromising the security of email exchange servers. This issue has been addressed in version 1.8.124. Users are advised to upgrade. Users unable to upgrade should adopt the following measures: 1. Avoid Storing Complete Stack Traces, 2. Implement redaction mechanisms to filter and exclude sensitive information, and 3. Review and enhance the application's logging practices.
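One way to apply the first two measures (not storing complete stack traces, redacting sensitive values) in PHP, as an added example that is not FreeScout's code or its patch. The names `smtp_login_stub` and `redacted_trace` and the credential values are hypothetical and constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for a mail-transport login call; not FreeScout or Swift Mailer code.
function smtp_login_stub(string $username, string $password): void
{
    throw new RuntimeException('SMTP authentication failed');
}

// Storable form of an exception: message plus call sites, never argument values.
function redacted_trace(Throwable $e): string
{
    $lines = [get_class($e) . ': ' . $e->getMessage()];
    foreach ($e->getTrace() as $i => $frame) {
        $call  = ($frame['class'] ?? '') . ($frame['type'] ?? '') . $frame['function'];
        $where = isset($frame['file']) ? $frame['file'] . ':' . $frame['line'] : '[internal function]';
        // $frame['args'] is deliberately ignored here.
        $lines[] = sprintf('#%d %s: %s()', $i, $where, $call);
    }
    return implode("\n", $lines);
}

$password = 'constructed-pw'; // constructed sample value, not a real credential

try {
    smtp_login_stub('mailer@example.test', $password);
} catch (Throwable $e) {
    // Weak: with zend.exception_ignore_args=Off, PHP renders argument values into this string.
    $full = $e->getTraceAsString();
    // Hardened: only this form would be written to the database or a log.
    $safe = redacted_trace($e);

    printf("full trace contains password:     %s\n", strpos($full, $password) !== false ? 'yes' : 'no');
    printf("redacted trace contains password: %s\n", strpos($safe, $password) !== false ? 'yes' : 'no');
    echo $safe, "\n";
}
```

Setting `zend.exception_ignore_args=On` in php.ini (PHP 7.4 and later) stops PHP from collecting argument values in exception traces in the first place.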
The weakness was disclosed on 03/12/2024 as GHSA-7wcq-2qmv-mvcm. The advisory is available at github.com. The identifier CVE-2024-28186 has been assigned since 03/06/2024. Technical details are known, but no exploit is available. The MITRE ATT&CK project classifies the attack technique as T1592.
Upgrading to version 1.8.124 eliminates this vulnerability. Applying the patch 33639a89554998dcac645613130a27ac7872605e also eliminates the problem. The bugfix is available at github.com. The best possible mitigation is upgrading to the latest version.
CVSSv3
VulDB Meta Base Score: 6.2
VulDB Meta Temp Score: 6.1
VulDB Base Score: 4.3
VulDB Temp Score: 4.1
NVD Base Score: 7.1
CNA Base Score (GitHub, Inc.): 7.1
Exploiting
Class: Log file
CWE: CWE-532 / CWE-200 / CWE-284
Physical: No
Local: No
Remote: Yes
Status: Not defined
Countermeasures
Recommended: Upgrade
Upgrade: freescout 1.8.124
Patch: 33639a89554998dcac645613130a27ac7872605e
Timeline
03/06/2024
03/12/2024
03/12/2024
01/10/2025
Sources
Advisory: GHSA-7wcq-2qmv-mvcm
Status: Confirmed
CVE: CVE-2024-28186
GCVE (CVE): GCVE-0-2024-28186
GCVE (VulDB): GCVE-100-256612
Entry
Created: 03/12/2024 22:27
Updated: 01/10/2025 16:11
Changes: 03/12/2024 22:27 (52), 01/10/2025 16:11 (27)