PT-2020-7477 · Otrs+1 · Otrs+1

Published

2013-07-01

·

Updated

2024-06-15

·

CVE-2013-4088

CVSS v3.1

6.5

Medium

VectorAV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Open Ticket Request System (OTRS) versions 3.0.x through 3.0.20 Open Ticket Request System (OTRS) versions 3.1.x through 3.1.16 Open Ticket Request System (OTRS) versions 3.2.x through 3.2.7
Description: The issue allows remote attackers with a valid agent login to read restricted tickets via a crafted URL involving the ticket split mechanism. This occurs because the Kernel/Modules/AgentTicketWatcher.pm module does not properly restrict tickets.
Recommendations: For versions 3.0.x through 3.0.20, update to version 3.0.21 or later. For versions 3.1.x through 3.1.16, update to version 3.1.17 or later. For versions 3.2.x through 3.2.7, update to version 3.2.8 or later.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

ALT-PU-2014-1279
CVE-2013-4088
DSA-2712-1
MGASA-2013-0196
OPENSUSE-SU-2024:10073-1

Affected Products

Alt Linux
Otrs