Summary: In the first week of April, amidst of global lockdown environment, multiple vulnerabilities that includes information disclosure as well as privilege escalation that leads to remote code execution (RCE) were observed in Deskpro. These issues were classified into CWE-200 and CWE-269 that exists in Deskpro prior to 2019.8.0. The /api/email_accounts endpoint failed to properly … Continue reading “Deskpro multiple vulnerabilities information disclosure , privilege escalation to RCE (CVE-2020-11463,CVE-2020-11464,CVE-2020-11465,CVE-2020-11466,CVE-2020-11467)”