Lucene search

K

GoogleOSV:CVE-2019-13458

HistoryAug 21, 2019 - 2:15 p.m.

CVE-2019-13458

2019-08-2114:15:10

Google

osv.dev

10

AI Score

6.5

Confidence

Low

EPSS

0.003

Percentile

72.0%

An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.8, and Community Edition 5.0.x through 5.0.36 and 6.0.x through 6.0.19. An attacker who is logged into OTRS as an agent user with appropriate permissions can leverage OTRS notification tags in templates in order to disclose hashed user passwords.

References

lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html

lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html

lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html

community.otrs.com/security-advisory-2019-12-security-update-for-otrs-framework/

lists.debian.org/debian-lts-announce/2019/08/msg00018.html

lists.debian.org/debian-lts-announce/2023/08/msg00040.html

www.otrs.com/category/release-and-security-notes-en/

AI Score

6.5

Confidence

Low

EPSS

0.003

Percentile

72.0%

Related for OSV:CVE-2019-13458

openvas5 prion1 debiancve1 nvd1 cve1 ubuntucve1 cvelist1 osv2 nessus4 debian2 suse3