Where the Email Dropbox is in use, authenticated users can delete emails that were imported into the system and assigned to another user.
Fixed in v0.26.0
Workaround: disable use of the Email Dropbox.

| Base score | Version | Severity | Vector |
|---|---|---|---|
| 2.1 | 4.0 | — |

| Type | Value |
|---|---|
| GHSA | GHSA-9pm8-vwc5-w2hm |

| CWE id | Name |
|---|---|
| CWE-639 | Authorization Bypass Through User-Controlled Key |

Vulnerable version ranges and first patched releases as published by GitHub.

| Ecosystem | Package | Vulnerable range | First patched | Vulnerable functions |
|---|---|---|---|---|
| rubygems | fat_free_crm | < 0.26.0 | 0.26.0 | — |