CVE-2019-18179 — Sensitive Information Exposure in Otrs

CWE-200 — Sensitive Information Exposure5 documents5 sources

Severity

4.3MEDIUMNVD

EPSS

0.4%

top 39.11%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Otrs Debian Linux Opensuse Backports SLE +1 more

Timeline

PublishedJan 6

Latest updateMay 24

Description

An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.12, and Community Edition 5.0.x through 5.0.38 and 6.0.x through 6.0.23. An attacker who is logged into OTRS as an agent is able to list tickets assigned to other agents, even tickets in a queue where the attacker doesn't have permissions.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages3 packages

▶NVDotrs/otrs5.0.0 — 5.0.38+2

▶NVDopensuse/leap15.1, 15.2+1

▶NVDopensuse/backports_sle15.0

Also affects: Debian Linux 8.0

Patches

Patch: community.otrs.com ↗Patch: community.otrs.com ↗

🔴Vulnerability Details

GHSA

GHSA-8pxh-wh5q-328f: An issue was discovered in Open Ticket Request System (OTRS) 7↗2022-05-24

▶

CVEList

CVE-2019-18179: An issue was discovered in Open Ticket Request System (OTRS) 7↗2020-01-06

▶

OSV

CVE-2019-18179: An issue was discovered in Open Ticket Request System (OTRS) 7↗2020-01-06

▶

📋Vendor Advisories

Debian

CVE-2019-18179: otrs2 - An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.1...↗2019

▶