Security Advisory

CVE-2020-27358

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2020-10-31 16:18:43

Last updated 2024-08-04 16:11:36

Assigner mitre

State PUBLISHED

Description

An issue was discovered in REDCap 8.11.6 through 9.x before 10. The messengers CSV feature (that allows users to export their conversation threads as CSV) allows non-privileged users to export one anothers conversation threads by changing the thread_id parameter in the request to the endpoint Messenger/messenger_download_csv.php?title=Hey&thread_id={THREAD_ID}.

← Browse all CVEs View on cve.org ↗