This is a summary of the AI-generated 10-question deep analysis. The full version (longer answers, follow-up Q&A, related CVEs) requires login.
Q1: What is this vulnerability? (Essence + Consequences)
**Essence**: FreeScout invite links **never expire**. **Consequences**: Attackers can hijack accounts months or years later; admin takeover is possible if an admin invite is leaked. **Impact**: Full account compromise.
**Product**: FreeScout (PHP Laravel help desk). **Affected**: Versions **< 1.8.217**. **Fixed**: Version 1.8.217 and later.
Q4: What can hackers do? (Privileges/Data)
**Privileges**: Unauthenticated access. **Data**: If an admin invite is leaked, **admin privileges**; if a user invite is leaked, **control of that user account**. **Scope**: Permanent account takeover.
Q5: Is the exploitation threshold high? (Auth/Config)
**Threshold**: LOW. **Auth**: None required. **Config**: Only needs a leaked invite hash. **Leak sources**: Forwarded emails, CDN headers, server logs, shared inbox archives.
Q6: Is there a public exploit? (PoC/Wild Exploitation)
**Public exploit?**: No PoC provided in the data. **In the wild**: Theoretical; relies on finding old leaked hashes. Not automated or scripted yet based on current information.
Q7: How to self-check? (Features/Scanning)
**Check**: Inventory your FreeScout instances. **Verify**: Check the version number (< 1.8.217 is affected). **Audit**: Review invite logs for non-expiring hashes. **Monitor**: Look for unauthorized password resets via invite links.
Q8: Is it fixed officially? (Patch/Mitigation)
**Fixed**: Yes. **Patch**: Upgrade to **FreeScout 1.8.217** or later. **Ref**: GitHub Security Advisory GHSA-hqff-cwx7-3jpm.
Q9: What if no patch? (Workaround)
**Workaround**: Manually expire old invite hashes. **Clean**: Delete unused invite emails from shared inboxes and logs. **Block**: Restrict access to `/user-setup/` if possible. …