PT-2024-37700 · Otrs · Otrs

Published: 2024-07-15 · Updated: 2024-07-16 · CVE-2024-6540

CVSS v3.1: 5.7 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

OTRS versions 8.0.X through 2024.4.x
OTRS version 2023.X

Description

The issue is related to improper filtering of fields when using the export function in the ticket overview of the external interface in OTRS. This could allow an authorized user to download a list of tickets containing information about tickets of other customers. The problem only occurs if the TicketSearchLegacyEngine has been disabled by the administrator.

Recommendations

For OTRS versions 8.0.X through 2024.4.x, consider disabling the export function in the ticket overview of the external interface until a patch is available.

For OTRS version 2023.X, consider disabling the export function in the ticket overview of the external interface until a patch is available.

As a temporary workaround, consider enabling the TicketSearchLegacyEngine to prevent the issue from occurring.

Related Identifiers

CVE-2024-6540

Affected Products

Otrs