CVE-2019-9753 — Sensitive Information Exposure in Otrs

CWE-200 — Sensitive Information Exposure7 documents4 sources

Severity

4.3MEDIUMNVD

EPSS

0.2%

top 54.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Otrs Debian Otrs2

Timeline

PublishedJun 3

Latest updateMay 24

Description

An issue was discovered in Open Ticket Request System (OTRS) 7.x before 7.0.5. An attacker who is logged into OTRS as an agent or a customer user can use the search result screens to disclose information from invalid system entities. Following is the list of affected entities: Custom Pages, FAQ Articles, Service Catalogue Items, ITSM Configuration Items.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

▶NVDotrs/otrs7.0.0 — 7.0.5+1

▶debiandebian/otrs2

Patches

Patch: community.otrs.com ↗Patch: community.otrs.com ↗

🔴Vulnerability Details

GHSA

GHSA-pxh2-6x4h-4pfv: An issue was discovered in Open Ticket Request System (OTRS) 7↗2022-05-24

▶

GHSA

GHSA-cwcj-fm93-gwcg: An issue was discovered in Open Ticket Request System (OTRS) 7↗2022-05-24

▶

OSV

CVE-2019-10065: An issue was discovered in Open Ticket Request System (OTRS) 7↗2020-03-10

▶

📋Vendor Advisories

Debian

CVE-2019-9753: otrs2 - An issue was discovered in Open Ticket Request System (OTRS) 7.x before 7.0.5. A...↗2019

▶

Debian

CVE-2019-10065: otrs2 - An issue was discovered in Open Ticket Request System (OTRS) 7.0 through 7.0.6. ...↗2019

▶