An issue exists in Open Ticket Request System (OTRS) 7.0.x up to and including 7.0.12, and Community Edition 5.0.x up to and including 5.0.38 and 6.0.x up to and including 6.0.23. An attacker who is logged into OTRS as an agent is able to list tickets assigned to other agents, even tickets in a queue where the attacker doesn't have permissions.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
otrs otrs |
||
debian debian linux 8.0 |
||
opensuse leap 15.1 |
||
opensuse backports sle 15.0 |
||
opensuse leap 15.2 |