FreeScout help desk software contains a vulnerability prior to version 1.8.214 where low-privileged agents can exploit customer email management functionality. The vulnerability allows agents to edit visible customers and add email addresses owned by hidden customers from other mailboxes. This results in unauthorized disclosure of hidden customer names and profile URLs through server success messages. The exploit also causes email reassignment and rebinding of conversations from hidden mailboxes to visible customers, potentially exposing sensitive customer communications and data.