In Open Ticket Request System (OTRS) through 3.3.20, 4 through 4.0.26, 5 through 5.0.24, and 6 through 6.0.1, an attacker who is logged in as a customer can use the ticket search form to disclose internal article information of their customer tickets.
CPE | Name | Operator | Version |
---|---|---|---|
otrs | eq | rel-2_0_0-b1 | |
otrs | eq | rel-2_2_1 | |
otrs | eq | rel-2_2_0_beta1 | |
otrs | eq | rel-1_1_0_rc2 | |
otrs | eq | rel-3_3_11 | |
otrs | eq | rel-3_0_0-b5 | |
otrs | eq | rel-2_2_0_beta3 | |
otrs | eq | rel-4_0_19 | |
otrs | eq | rel-4_0_22 | |
otrs | eq | rel-4_0_17 |