Lucene search

K

MitreCVELIST:CVE-2019-12746

HistoryAug 21, 2019 - 12:00 a.m.

CVE-2019-12746

2019-08-2100:00:00

mitre

www.cve.org

6.9 Medium

AI Score

Confidence

High

0.008 Low

EPSS

Percentile

81.2%

An issue was discovered in Open Ticket Request System (OTRS) Community Edition 5.0.x through 5.0.36 and 6.0.x through 6.0.19. A user logged into OTRS as an agent might unknowingly disclose their session ID by sharing the link of an embedded ticket article with third parties. This identifier can be then be potentially abused in order to impersonate the agent user.

References

lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html

lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html

lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html

community.otrs.com/security-advisory-2019-10-security-update-for-otrs-framework/

lists.debian.org/debian-lts-announce/2019/08/msg00018.html

lists.debian.org/debian-lts-announce/2023/08/msg00040.html

www.otrs.com/category/release-and-security-notes-en/

6.9 Medium

AI Score

Confidence

High

0.008 Low

EPSS

Percentile

81.2%

Related for CVELIST:CVE-2019-12746

debiancve1 nvd1 openvas5 ubuntucve1 osv3 prion1 cve1 debian2 nessus4 suse3