CVE-2010-4761 — Otrs vulnerability

CWE-2646 documents5 sources

Severity

4.0MEDIUMNVD

EPSS

0.2%

top 55.45%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Otrs2 Otrs

Timeline

PublishedMar 18

Latest updateMay 17

Description

The customer-interface ticket-print dialog in Open Ticket Request System (OTRS) before 3.0.0-beta3 does not properly restrict customer-visible data, which allows remote authenticated users to obtain potentially sensitive information from the (1) responsible, (2) owner, (3) accounted time, (4) pending until, and (5) lock fields by reading this dialog.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 8.0 | Impact: 2.9

Affected Packages2 packages

▶debiandebian/otrs2< otrs2 3.0.8+dfsg1-1 (bullseye)

▶NVDotrs/otrs3.0.0+65

Patches

Patch: bugs.otrs.org ↗Patch: bugs.otrs.org ↗

🔴Vulnerability Details

GHSA

GHSA-23mc-xgfq-qhjf: The customer-interface ticket-print dialog in Open Ticket Request System (OTRS) before 3↗2022-05-17

▶

OSV

CVE-2010-4761: The customer-interface ticket-print dialog in Open Ticket Request System (OTRS) before 3↗2011-03-18

▶

📋Vendor Advisories

Debian

CVE-2010-4761: otrs2 - The customer-interface ticket-print dialog in Open Ticket Request System (OTRS) ...↗2010

▶

💬Community

Bugzilla

CVE-2010-0438 CVE-2010-2080 CVE-2010-3476 CVE-2011-0456 otrs: multiple vulnerabilities [fedora-epel5]↗2010-09-20

▶

Bugzilla

CVE-2010-3439 alienarena: Two security issues in Quake II 3.20 (Server) (applicable to alienarena)↗2010-03-29

▶