
From
From27.05.2020 Classified as non-critical Discovery description When using the Web Client, users remain logged in and the data in the Local Storage even after closing the browser tab or closing the browser. If a user does not log out, an uninvolved third...

From
From18.05.2020 Classified as non-critical Discovery description A potentially compromised user of a closed organization can retrieve the client key and the device ID via the browser’s development tools. This could be used to maliciously retrieve the respective URL with modified parameters and...

From
From17.05.2020 Classified as non-critical Discovery description A potentially compromised administrator who has access to either the stashcat web server logs or SSL gateway logs as part of his administration function can use them to retrieve the session ID and thus maliciously gain...