What the vulnerability does
01Description
Missing Authorization vulnerability in awesomesupport Awesome Support awesome-support allows Retrieve Embedded Sensitive Data.This issue affects Awesome Support: from n/a through <= 6.3.6.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
What the vulnerability does
Missing Authorization vulnerability in awesomesupport Awesome Support awesome-support allows Retrieve Embedded Sensitive Data.This issue affects Awesome Support: from n/a through <= 6.3.6.
Explanation of Vulnerability in Simple Terms
Awesome Support versions 6.3.6 and earlier lack proper authorization checks, allowing unauthenticated attackers to read sensitive information. An attacker can access the application over the network without credentials or user interaction. The vulnerability exposes confidential data but does not allow modification or service disruption. Site administrators should update to a version newer than 6.3.6.
What an attacker can do
Read sensitive information without authentication.
Potential impact on your site
Confidential data may be exposed to unauthenticated visitors.
Conditions required to exploit
Network access only; no authentication or user interaction required.
Key dates
External resources