Lucene search

Ubuntu.comUB:CVE-2019-18179

HistoryJan 06, 2020 - 12:00 a.m.

CVE-2019-18179

2020-01-0600:00:00

ubuntu.com

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

68.8%

JSON

An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through
7.0.12, and Community Edition 5.0.x through 5.0.38 and 6.0.x through
6.0.23. An attacker who is logged into OTRS as an agent is able to list
tickets assigned to other agents, even tickets in a queue where the
attacker doesn’t have permissions.

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchotrs2< anyUNKNOWN
ubuntu16.04noarchotrs2< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	otrs2	< any	UNKNOWN
ubuntu	16.04	noarch	otrs2	< any	UNKNOWN

References

community.otrs.com/security-advisory-2019-14-security-update-for-otrs-framework/

launchpad.net/bugs/cve/CVE-2019-18179

nvd.nist.gov/vuln/detail/CVE-2019-18179

security-tracker.debian.org/tracker/CVE-2019-18179

www.cve.org/CVERecord?id=CVE-2019-18179

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

68.8%

JSON

Related for UB:CVE-2019-18179