This vulnerability in Cliengo Chatbot versions up to 3.0.4 involves missing authorization checks due to misconfigured access control security levels. It allows an attacker with low privileges to access resources or functions that should be restricted, potentially leading to unauthorized data disclosure. The CVSS vector indicates network attack vector, low attack complexity, low privileges required, no user interaction, unchanged scope, high confidentiality impact, and no impact on integrity or availability.

The vulnerability can lead to unauthorized access to sensitive information within the Cliengo Chatbot environment, impacting confidentiality. There is no indication of impact on data integrity or system availability. No known exploits have been reported, so the practical impact may be limited until exploitation techniques emerge.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no official patch or fix information is available, users should monitor vendor communications for updates. In the meantime, review and tighten access control configurations to ensure proper authorization enforcement.