CVE-2020-11464
Deskpro CVE-2020-11464 affects Deskpro before 2019.8.0, where /api/people failed to properly validate a user’s privilege, allowing retrieval of sensitive information for all users (full name, privilege, email, phone, etc.). The issue is documented across multiple feeds, with remediation reference...