PT-2020-9047 · Otrs · Otrs

Laszlo Gyaraki

Published

2020-03-10

Updated

2020-08-24

CVE-2019-10065

CVSS v3.1

4.3

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Open Ticket Request System (OTRS) versions 7.0 through 7.0.6

Description An issue in OTRS allows an attacker who is logged in as a customer user to disclose information from internal FAQ articles using the search result screens.

Recommendations For OTRS versions 7.0 through 7.0.6, consider restricting access to the search result screens for customer users until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2019-10065

Affected Products

Otrs

PT-2020-9047 · Otrs · Otrs

CVE-2019-10065

Related Identifiers

Affected Products

References · 9