Closed d4nt closed 4 years ago
There exists a vulnerability in QueryTree allowing any user to join any arbitrary organization. This allows an unauthenticated attacker to gain complete access to any QueryTree organization simply by registering an account.
Thanks to @cablej for reporting this issue.
A CVE has been raised for this issue here: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19249
This issue is fixed by 57b700823f8eb1a42eb3bc0c706fbe5e5f5e766f
Suggested Remediation:
Upgrade to 3.0.99 or later.
There exists a vulnerability in QueryTree allowing any user to join any arbitrary organization. This allows an unauthenticated attacker to gain complete access to any QueryTree organization simply by registering an account.
Thanks to @cablej for reporting this issue.
A CVE has been raised for this issue here: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19249
This issue is fixed by 57b700823f8eb1a42eb3bc0c706fbe5e5f5e766f
Suggested Remediation:
Upgrade to 3.0.99 or later.