An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.12, and Community Edition 5.0.x through 5.0.38 and 6.0.x through 6.0.23. An attacker who is logged into OTRS as an agent is able to list tickets assigned to other agents, even tickets in a queue where the attacker doesn't have permissions.
References
Link | Resource |
---|---|
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html | Mailing List Third Party Advisory |
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html | Mailing List Third Party Advisory |
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html | Mailing List Third Party Advisory |
https://community.otrs.com/security-advisory-2019-14-security-update-for-otrs-framework/ | Patch Vendor Advisory |
https://lists.debian.org/debian-lts-announce/2020/01/msg00000.html | Mailing List Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
31 Aug 2023, 03:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2020-01-06 20:15
Updated : 2024-02-28 17:28
NVD link : CVE-2019-18179
Mitre link : CVE-2019-18179
CVE.ORG link : CVE-2019-18179
JSON object : View
Products Affected
opensuse
- backports_sle
- leap
otrs
- otrs
debian
- debian_linux
CWE