← Back

CVE-2019-18179

nvd nist
Published: Jan 6, 2020Modified: Nov 21, 2024

JSON object

Loading...
4.3
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Exploitability: 2.8 / Impact: 1.4
Source: NVD

Description

An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.12, and Community Edition 5.0.x through 5.0.38 and 6.0.x through 6.0.23. An attacker who is logged into OTRS as an agent is able to list tickets assigned to other agents, even tickets in a queue where the attacker doesn't have permissions.

Affected (9)

Otrs
1 product
Otrs
Debian
1 product
Debian Linux
Opensuse
2 products
Backports Sle
Leap
Configuration A
3 vulnerable
Vulnerable SoftwareAffected Versions
Otrs
Otrs
From 7.0.0 to 7.0.12
Otrs
From 5.0.0 to 5.0.38
Otrs
From 6.0.0 to 6.0.23
Configuration B
1 vulnerable
Vulnerable SoftwareAffected Versions
Debian Linux
Version 8.0
Configuration C
5 vulnerable
Vulnerable SoftwareAffected Versions
Opensuse
Backports Sle
Version 15.0
Backports Sle
Version 15.0 sp1
Backports Sle
Version 15.0 sp2
Opensuse
Leap
Version 15.1
Leap
Version 15.2

References (12)

Source: cve@mitre.org
Mailing ListThird Party Advisory
Source: cve@mitre.org
Mailing ListThird Party Advisory
Source: cve@mitre.org
Mailing ListThird Party Advisory
Source: cve@mitre.org
PatchVendor Advisory
Source: cve@mitre.org
Mailing ListThird Party Advisory
Source: cve@mitre.org
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.