Описание
An issue was discovered in OTRS 6.0.x before 6.0.7. An attacker who is logged into OTRS as a customer can use the ticket overview screen to disclose internal article information of their customer tickets.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| otrs2 | fixed | 6.0.7-1 | package | |
| otrs2 | not-affected | stretch | package | |
| otrs2 | not-affected | jessie | package |
Примечания
https://github.com/OTRS/otrs/commit/9f5f09e4eef283c2f38c003ba0685b77234750d1
https://community.otrs.com/security-advisory-2018-01-security-update-for-otrs-framework
EPSS
Связанные уязвимости
An issue was discovered in OTRS 6.0.x before 6.0.7. An attacker who is logged into OTRS as a customer can use the ticket overview screen to disclose internal article information of their customer tickets.
An issue was discovered in OTRS 6.0.x before 6.0.7. An attacker who is logged into OTRS as a customer can use the ticket overview screen to disclose internal article information of their customer tickets.
An issue was discovered in OTRS 6.0.x before 6.0.7. An attacker who is logged into OTRS as a customer can use the ticket overview screen to disclose internal article information of their customer tickets.
EPSS