PT-2021-14510 · Faq+1 · Faq+1

Christopher Theuerkauf

Published

2021-03-22

Updated

2021-03-25

CVE-2021-21438

CVSS v3.1

4.3

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions OTRS versions 7.0.24 and prior versions FAQ versions 6.0.29 and prior versions

Description The issue allows agents to see linked FAQ articles without the necessary permissions, which are defined in the FAQ Category.

Recommendations For OTRS versions 7.0.24 and prior versions, update to a version that includes the fix for this issue. For FAQ versions 6.0.29 and prior versions, update to a version that includes the fix for this issue.

Fix

Incorrect Default Permissions

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-276CWE-264

Related Identifiers

CVE-2021-21438

Affected Products

Faq

Otrs

PT-2021-14510 · Faq+1 · Faq+1

CVE-2021-21438

Weakness Enumeration

Related Identifiers

Affected Products

References · 4