CVE-2022-45180: 
Linux Alpine vulnerability analysis and mitigation

An issue was discovered in LIVEBOX Collaboration vDesk through v018. Broken Access Control exists under the /api/v1/vdesk_{DOMAIN]/export endpoint. A malicious user, authenticated to the product without any specific privilege, can use the API for exporting information about all users of the system (an operation intended to only be available to the system administrator) (NVD).

The vulnerability is classified as a Broken Access Control issue affecting the /api/v1/vdesk_{DOMAIN]/export endpoint. The CVSS v3.1 base score is 6.5 (Medium) with vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. This indicates the vulnerability requires network access, low attack complexity, low privileges, no user interaction, and affects confidentiality but not integrity or availability (NVD).

The vulnerability allows unauthorized access to sensitive user information. An authenticated user without administrative privileges can export information about all users in the system, leading to a significant data confidentiality breach (NVD).

The vulnerability affects LIVEBOX Collaboration vDesk through version v018. No specific mitigation or patch information is currently available in the public sources (NVD).