Maximilian Gutwein

**Name of the Vulnerable Software and Affected Versions** OTRS versions 8.0.X through 8.0.31 **Description** The issue allows any authenticated attacker as an Agent to track user behavior and gain live insight into overall system usage. User IDs can easily be correlated with real names, for example, via ticket histories by any user. Subscribing to all possible push events could also lead to performance implications on the server side, depending on the size of the installation and the number of active users. **Recommendations** For versions 8.0.X through 8.0.31, update to version 8.0.32 or later to resolve the issue. As a temporary workaround, consider restricting access to the Websocket API backend to minimize the risk of exploitation. Additionally, restrict the ability to subscribe to all possible push events to prevent potential performance implications on the server side.