CVE-2019-12746

An issue was discovered in Open Ticket Request System (OTRS) Community Edition 5.0.x through 5.0.36 and 6.0.x through 6.0.19. A user logged into OTRS as an agent might unknowingly disclose their session ID by sharing the link of an embedded ticket article with third parties. This identifier can be then be potentially abused in order to impersonate the agent user.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:otrs:otrs:*:*:*:*:community:*:*:*
cpe:2.3:a:otrs:otrs:*:*:*:*:community:*:*:*

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

History

21 Nov 2024, 04:23

Type Values Removed Values Added
References () http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html - Broken Link () http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html - Broken Link
References () http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html - Broken Link () http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html - Broken Link
References () http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html - Broken Link () http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html - Broken Link
References () https://community.otrs.com/security-advisory-2019-10-security-update-for-otrs-framework/ - Patch, Vendor Advisory () https://community.otrs.com/security-advisory-2019-10-security-update-for-otrs-framework/ - Patch, Vendor Advisory
References () https://lists.debian.org/debian-lts-announce/2019/08/msg00018.html - Mailing List, Third Party Advisory () https://lists.debian.org/debian-lts-announce/2019/08/msg00018.html - Mailing List, Third Party Advisory
References () https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html - () https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html -
References () https://www.otrs.com/category/release-and-security-notes-en/ - Release Notes () https://www.otrs.com/category/release-and-security-notes-en/ - Release Notes

31 Aug 2023, 03:15

Type Values Removed Values Added
References
  • (MLIST) https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html -

Information

Published : 2019-08-21 14:15

Updated : 2024-11-21 04:23


NVD link : CVE-2019-12746

Mitre link : CVE-2019-12746

CVE.ORG link : CVE-2019-12746


JSON object : View

Products Affected

debian

  • debian_linux

otrs

  • otrs
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor