Описание
An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.8, and Community Edition 5.0.x through 5.0.36 and 6.0.x through 6.0.19. An attacker who is logged into OTRS as an agent user with appropriate permissions can leverage OTRS notification tags in templates in order to disclose hashed user passwords.
Ссылки
- Broken Link
- Broken Link
- Broken Link
- PatchVendor Advisory
- Mailing ListThird Party Advisory
- Release Notes
- Broken Link
- Broken Link
- Broken Link
- PatchVendor Advisory
- Mailing ListThird Party Advisory
- Release Notes
Уязвимые конфигурации
Одно из
EPSS
2.7 Low
CVSS3
6.5 Medium
CVSS3
4 Medium
CVSS2
Дефекты
Связанные уязвимости
An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.8, and Community Edition 5.0.x through 5.0.36 and 6.0.x through 6.0.19. An attacker who is logged into OTRS as an agent user with appropriate permissions can leverage OTRS notification tags in templates in order to disclose hashed user passwords.
An issue was discovered in Open Ticket Request System (OTRS) 7.0.x thr ...
An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.8, and Community Edition 5.0.x through 5.0.36 and 6.0.x through 6.0.19. An attacker who is logged into OTRS as an agent user with appropriate permissions can leverage OTRS notification tags in templates in order to disclose hashed user passwords.
EPSS
2.7 Low
CVSS3
6.5 Medium
CVSS3
4 Medium
CVSS2