


Perceptive Security
SOC/SIEM Consultancy

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.212, FreeScout does not take the limit_user_customer_visibility …
Published:
6 April 2026 at 22:00:00
Alert date:
7 April 2026 at 18:06:01
Source:
nvd.nist.gov
Web Technologies, Enterprise Applications
FreeScout, a free help desk and shared inbox application built with PHP's Laravel framework, contains a vulnerability prior to version 1.8.212. The application fails to properly enforce the limit_user_customer_visibility parameter when merging customers, potentially allowing unauthorized access to customer information. This access control bypass could lead to information disclosure where users can view customer data they should not have access to. The vulnerability has been addressed in FreeScout version 1.8.212 with proper enforcement of user visibility limits during customer merge operations.
Affected products:
FreeScout
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-39384
https://github.com/freescout-help-desk/freescout/commit/b395a1179117af5e2df704c6bad71feeb301b4ce
https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-j6v9-22vq-53vh
This article was created with the assistance of AI technology by Perceptive.
