Impact
What kind of vulnerability is it? Who is impacted?
*Vulnerability: PII Exposure
*Only tickets transferred between queues on UTRS 2.3
Patches
Has the problem been patched? What versions should users upgrade to?
The problem has been fixed in 2.3.1-security
Workarounds
Is there a way for users to fix or remediate the vulnerability without upgrading?
Comment out lines 64 to 107 in app/Jobs/GetBlockDetailsJob.php
Time to address
How fast was the vulnerability addressed?
*Time to discovery & reporting: 15:23 UTC Tuesday Jan 31/2023
*Time to first emergency patch & deployment: 15:49 UTC Tuesday Jan 31/2023
*Time to first patch/deployment: 02:53 UTC Wednesday Feb 1/2023
MarcoAurelioWM Analyst
Impact
What kind of vulnerability is it? Who is impacted?
*Vulnerability: PII Exposure
*Only tickets transferred between queues on UTRS 2.3
Patches
Has the problem been patched? What versions should users upgrade to?
The problem has been fixed in 2.3.1-security
Workarounds
Is there a way for users to fix or remediate the vulnerability without upgrading?
Comment out lines 64 to 107 in app/Jobs/GetBlockDetailsJob.php
Time to address
How fast was the vulnerability addressed?
*Time to discovery & reporting: 15:23 UTC Tuesday Jan 31/2023
*Time to first emergency patch & deployment: 15:49 UTC Tuesday Jan 31/2023
*Time to first patch/deployment: 02:53 UTC Wednesday Feb 1/2023