Lucene search

K

GoogleOSV:CVE-2019-18179

HistoryJan 06, 2020 - 8:15 p.m.

CVE-2019-18179

2020-01-0620:15:12

Google

osv.dev

9

AI Score

6.5

Confidence

Low

EPSS

0.003

Percentile

69.0%

An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.12, and Community Edition 5.0.x through 5.0.38 and 6.0.x through 6.0.23. An attacker who is logged into OTRS as an agent is able to list tickets assigned to other agents, even tickets in a queue where the attacker doesn’t have permissions.

References

lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html

lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html

lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html

community.otrs.com/security-advisory-2019-14-security-update-for-otrs-framework/

lists.debian.org/debian-lts-announce/2020/01/msg00000.html

lists.debian.org/debian-lts-announce/2023/08/msg00040.html

AI Score

6.5

Confidence

Low

EPSS

0.003

Percentile

69.0%

Related for OSV:CVE-2019-18179

debiancve1 openvas5 prion1 nvd1 nessus4 osv2 debian2 cve1 cvelist1 ubuntucve1 suse3