Описание
An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.12, and Community Edition 5.0.x through 5.0.38 and 6.0.x through 6.0.23. An attacker who is logged into OTRS as an agent is able to list tickets assigned to other agents, even tickets in a queue where the attacker doesn't have permissions.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was needed |
| devel | DNE | |
| disco | ignored | end of life |
| eoan | ignored | end of life |
| esm-apps/bionic | needed | |
| esm-apps/focal | not-affected | 6.0.24-1 |
| esm-apps/jammy | not-affected | 6.0.24-1 |
| esm-apps/xenial | needed | |
| esm-infra-legacy/trusty | DNE | |
| focal | not-affected | 6.0.24-1 |
Показывать по
EPSS
4 Medium
CVSS2
4.3 Medium
CVSS3
Связанные уязвимости
An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.12, and Community Edition 5.0.x through 5.0.38 and 6.0.x through 6.0.23. An attacker who is logged into OTRS as an agent is able to list tickets assigned to other agents, even tickets in a queue where the attacker doesn't have permissions.
An issue was discovered in Open Ticket Request System (OTRS) 7.0.x thr ...
An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.12, and Community Edition 5.0.x through 5.0.38 and 6.0.x through 6.0.23. An attacker who is logged into OTRS as an agent is able to list tickets assigned to other agents, even tickets in a queue where the attacker doesn't have permissions.
EPSS
4 Medium
CVSS2
4.3 Medium
CVSS3