Описание
Kernel/Modules/AgentTicketPhone.pm in Open Ticket Request System (OTRS) 3.0.x before 3.0.20, 3.1.x before 3.1.16, and 3.2.x before 3.2.7, and OTRS ITSM 3.0.x before 3.0.8, 3.1.x before 3.1.9, and 3.2.x before 3.2.5 does not properly restrict tickets, which allows remote attackers with a valid agent login to read restricted tickets via a crafted URL involving the ticket split mechanism.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 3.3.5-1 |
| esm-apps/xenial | not-affected | 3.3.5-1 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was not-affected [3.3.5-1]] |
| lucid | ignored | end of life |
| precise | ignored | end of life |
| precise/esm | DNE | precise was needed |
| quantal | ignored | end of life |
| raring | ignored | end of life |
| saucy | not-affected | 3.2.9-2 |
| trusty | not-affected | 3.3.5-1 |
Показывать по
Ссылки на источники
EPSS
4 Medium
CVSS2
6.5 Medium
CVSS3
Связанные уязвимости
Kernel/Modules/AgentTicketPhone.pm in Open Ticket Request System (OTRS) 3.0.x before 3.0.20, 3.1.x before 3.1.16, and 3.2.x before 3.2.7, and OTRS ITSM 3.0.x before 3.0.8, 3.1.x before 3.1.9, and 3.2.x before 3.2.5 does not properly restrict tickets, which allows remote attackers with a valid agent login to read restricted tickets via a crafted URL involving the ticket split mechanism.
Kernel/Modules/AgentTicketPhone.pm in Open Ticket Request System (OTRS ...
Kernel/Modules/AgentTicketPhone.pm in Open Ticket Request System (OTRS) 3.0.x before 3.0.20, 3.1.x before 3.1.16, and 3.2.x before 3.2.7, and OTRS ITSM 3.0.x before 3.0.8, 3.1.x before 3.1.9, and 3.2.x before 3.2.5 does not properly restrict tickets, which allows remote attackers with a valid agent login to read restricted tickets via a crafted URL involving the ticket split mechanism.
EPSS
4 Medium
CVSS2
6.5 Medium
CVSS3