Publish Date: May 9, 2019
SummaryWe've identified a vulnerability in the Spiceworks Cloud Help Desk that would allow an attacker with access to a victim’s computer to utilize the browser’s cache to gain access to ticket content.
Who’s Affected?At this time, we do not believe anyone was affected by this vulnerability.
DetailsAn attacker could take advantage of the Cloud Help Desk’s lack of cache control to use the browser’s back button to access previously viewed tickets on the victim’s computer. The Cloud Help Desk was set-up to not use cached copies of pages in the help desk, but ticket info. was stored in the cache.
Mitigating FactorsIn order to exploit this vulnerability, an attacker would had to have access to the victim’s computer and use the same Windows login session as the victim.
Security Update InformationDue to the...