Agents are able to list customer user emails without required permissions in the bulk action screen. This issue affects: OTRS AG ((OTRS)) Community Edition: 6.0.x version 6.0.1 and later versions. OTRS AG OTRS: 7.0.x versions prior to 7.0.27.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 11 | all | otrs2 | < 6.0.32-6 | otrs2_6.0.32-6_all.deb |
Debian | 10 | all | otrs2 | < 6.0.16-2+deb10u1 | otrs2_6.0.16-2+deb10u1_all.deb |
Debian | 12 | all | znuny | < 6.5.1-1 | znuny_6.5.1-1_all.deb |
Debian | 999 | all | znuny | < 6.5.8-1 | znuny_6.5.8-1_all.deb |
Debian | 13 | all | znuny | < 6.5.8-1 | znuny_6.5.8-1_all.deb |