This vulnerability in JoomSky's JS Help Desk product (versions <= 3.1.0) involves an insecure direct object reference (IDOR) that permits unauthorized access due to improper authorization checks on user-controlled keys. An unauthenticated attacker can leverage this flaw to bypass authorization controls, potentially accessing data they should not be able to. The CVSS score of 5.3 reflects a network attack vector with low complexity and no privileges or user interaction required, impacting confidentiality but not integrity or availability. No vendor advisory or patch information is currently available, and no exploits have been reported in the wild.

An attacker can bypass authorization controls without authentication, potentially accessing sensitive information due to insecure direct object references. The impact is limited to confidentiality loss; integrity and availability are not affected. The vulnerability does not require user interaction or privileges, increasing its risk profile, but the overall severity is medium.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, restrict access to the affected JS Help Desk versions and monitor for unusual access patterns related to object references. Avoid exposing sensitive data through user-controllable keys where possible.