CVE-2018-10198 — Sensitive Information Exposure in Otrs

CWE-200 — Sensitive Information Exposure4 documents4 sources

Severity

4.3MEDIUMNVD

EPSS

0.2%

top 54.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Otrs Debian Otrs2

Timeline

PublishedJun 6

Latest updateMay 14

Description

An issue was discovered in OTRS 6.0.x before 6.0.7. An attacker who is logged into OTRS as a customer can use the ticket overview screen to disclose internal article information of their customer tickets.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

▶NVDotrs/otrs6.0.0 — 6.0.7

▶debiandebian/otrs2< otrs2 6.0.7-1 (bullseye)

Patches

Patch: community.otrs.com ↗Patch: community.otrs.com ↗

🔴Vulnerability Details

GHSA

GHSA-6ww2-5f5r-f44h: An issue was discovered in OTRS 6↗2022-05-14

▶

OSV

CVE-2018-10198: An issue was discovered in OTRS 6↗2018-06-06

▶

📋Vendor Advisories

Debian

CVE-2018-10198: otrs2 - An issue was discovered in OTRS 6.0.x before 6.0.7. An attacker who is logged in...↗2018

▶