CVSS 3.1 Score 7.1 of 10 (high)


Published Mar 12, 2024
Updated: Mar 13, 2024
CWE ID 532


CVE-2024-28186 is a vulnerability found in the FreeScout Application, an open-source help desk and shared inbox built with PHP. This vulnerability exposes the SMTP server credentials used by an organization in the application to users of the application. The issue occurs because the application stores complete stack traces of exceptions in its database, inadvertently disclosing sensitive information to users. Exploiting this vulnerability allows attackers to gain unauthorized access to SMTP server credentials, potentially leading to unauthorized email sending from the compromised server. This poses a significant threat to the confidentiality and integrity of email communications. Remediation for this vulnerability involves implementing appropriate access controls and ensuring sensitive information is not stored in plain text or exposed through error logs or messages.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2024-28186 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options