GHSA-f8rq-8r29-248pHighCVSS 7.5
Capgo before 12.128.2 contains an information disclosure vulnerability in the get_orgs_v7(userid)...
🔗 CVE IDs covered (1)
📋 Description
Capgo before 12.128.2 contains an information disclosure vulnerability in the get_orgs_v7(userid) RPC function that remains publicly invokable despite intended private access controls. Unauthenticated attackers can supply arbitrary user UUIDs to retrieve foreign users' organization membership, roles, management emails, and billing metadata.