6 matches found
Design/Logic Flaw
An issue was discovered in Zammad before 6.2.0. When listing tickets linked to a knowledge base answer, or knowledge base answers of a ticket, a user could see entries for which they lack permissions...
SUSE CVE-2019-18179
An issue was discovered in Open Ticket Request System OTRS 7.0.x through 7.0.12, and Community Edition 5.0.x through 5.0.38 and 6.0.x through 6.0.23. An attacker who is logged into OTRS as an agent is able to list tickets assigned to other agents, even tickets in a queue where the attacker doesn'...
DEBIAN-CVE-2019-18179
An issue was discovered in Open Ticket Request System OTRS 7.0.x through 7.0.12, and Community Edition 5.0.x through 5.0.38 and 6.0.x through 6.0.23. An attacker who is logged into OTRS as an agent is able to list tickets assigned to other agents, even tickets in a queue where the attacker doesn'...
UBUNTU-CVE-2019-18179
An issue was discovered in Open Ticket Request System OTRS 7.0.x through 7.0.12, and Community Edition 5.0.x through 5.0.38 and 6.0.x through 6.0.23. An attacker who is logged into OTRS as an agent is able to list tickets assigned to other agents, even tickets in a queue where the attacker doesn'...
Debian DLA-2053-1 : otrs2 security update
An attacker who is logged into OTRS as an agent is able to list tickets assigned to other agents, which are in the queue where attacker doesnt have permissions. For Debian 8 'Jessie', this problem has been fixed in version 3.3.18-1+deb8u12. We recommend that you upgrade your otrs2 packages. NOTE:...
[SECURITY] [DLA 2053-1] otrs2 security update
Package : otrs2 Version : 3.3.18-1+deb8u12 CVE ID : CVE-2019-18179 Debian Bug : 945251 An attacker who is logged into OTRS as an agent is able to list tickets assigned to other agents, which are in the queue where attacker doesn’t have permissions. For Debian 8 "Jessie", this problem has been fix...