PT-2020-9940 · Otrs+2

Published: 2020-01-01 · Updated: 2023-08-31 · CVE-2019-18179

CVSS v2.0: 4.0 (Medium)

Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Open Ticket Request System (OTRS) versions 7.0.x through 7.0.12
Open Ticket Request System (OTRS) Community Edition versions 5.0.x through 5.0.38
Open Ticket Request System (OTRS) Community Edition versions 6.0.x through 6.0.23

Description

An issue was discovered in Open Ticket Request System (OTRS) where an attacker logged in as an agent can list tickets assigned to other agents, including tickets in a queue where the attacker does not have permissions.

Recommendations

For versions 7.0.x through 7.0.12, update to a version outside of this range to mitigate the risk.
For Community Edition versions 5.0.x through 5.0.38, update to a version outside of this range to mitigate the risk.
For Community Edition versions 6.0.x through 6.0.23, update to a version outside of this range to mitigate the risk.
As a temporary workaround, consider restricting access to sensitive queues to minimize the risk of exploitation.

Related Identifiers

ALT-PU-2020-2649
ALT-PU-2020-2748
CVE-2019-18179
DLA-2053-1
DLA-3551-1
OPENSUSE-SU-2020:0551-1
OPENSUSE-SU-2020:1475-1
OPENSUSE-SU-2020:1509-1
OPENSUSE-SU-2020_0551-1
OPENSUSE-SU-2020_1475-1

Affected Products

Alt Linux
Otrs
Suse