Lucene search

K

MitreCVELIST:CVE-2019-12746

HistoryAug 21, 2019 - 12:00 a.m.

CVE-2019-12746

2019-08-2100:00:00

mitre

www.cve.org

1

AI Score

6.9

Confidence

High

EPSS

0.008

Percentile

81.2%

An issue was discovered in Open Ticket Request System (OTRS) Community Edition 5.0.x through 5.0.36 and 6.0.x through 6.0.19. A user logged into OTRS as an agent might unknowingly disclose their session ID by sharing the link of an embedded ticket article with third parties. This identifier can be then be potentially abused in order to impersonate the agent user.

References

lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html

lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html

lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html

community.otrs.com/security-advisory-2019-10-security-update-for-otrs-framework/

lists.debian.org/debian-lts-announce/2019/08/msg00018.html

lists.debian.org/debian-lts-announce/2023/08/msg00040.html

www.otrs.com/category/release-and-security-notes-en/

AI Score

6.9

Confidence

High

EPSS

0.008

Percentile

81.2%

Related for CVELIST:CVE-2019-12746

openvas5 debiancve1 nvd1 ubuntucve1 prion1 osv3 cve1 debian2 nessus4 suse3