Lucene search

FreeBSDA5B24A6B-C37C-11E2-ADDB-60A44C524F57

HistoryMay 22, 2013 - 12:00 a.m.

otrs -- information disclosure

2013-05-2200:00:00

vuxml.freebsd.org

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

48.8%

JSON

The OTRS Project reports:

An attacker with a valid agent login could manipulate URLs in the ticket split mechanism to see contents of tickets and they are not permitted to see.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchotrs< 3.2.7UNKNOWN

OS	Version	Architecture	Package	Version	Filename
FreeBSD	any	noarch	otrs	< 3.2.7	UNKNOWN

References

www.otrs.com/en/open-source/community-news/security-advisories/security-advisory-2013-03/

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

48.8%

JSON

Related for A5B24A6B-C37C-11E2-ADDB-60A44C524F57