PT-2017-14599 · Otrs+1 · Otrs+1

Published

2017-12-08

·

Updated

2019-11-25

·

CVE-2017-16854

CVSS v3.1

6.5

Medium

VectorAV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions Open Ticket Request System (OTRS) versions 3.3.20 and earlier Open Ticket Request System (OTRS) versions 4.0.26 and earlier Open Ticket Request System (OTRS) versions 5.0.24 and earlier Open Ticket Request System (OTRS) versions 6.0.1 and earlier
Description The issue allows an attacker who is logged in as a customer to disclose internal article information of their customer tickets using the ticket search form.
Recommendations For versions 3.3.20 and earlier, update to a version later than 3.3.20. For versions 4.0.26 and earlier, update to a version later than 4.0.26. For versions 5.0.24 and earlier, update to a version later than 5.0.24. For versions 6.0.1 and earlier, update to a version later than 6.0.1.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

ALT-PU-2019-3068
ALT-PU-2019-3183
CVE-2017-16854
DLA-1212-1
DSA-4066-1

Affected Products

Alt Linux
Otrs