Open Ticket Request System (OTRS) 7.0.0 Information Disclosure Vulnerability

Summary

An issue was discovered in Open Ticket Request System (OTRS) 7.x before 7.0.5. An attacker who is logged into OTRS as an agent or a customer user can use the search result screens to disclose information from invalid system entities. The affected entities are: Custom Pages, FAQ Articles, Service Catalogue Items, ITSM Configuration Items.

Credit:

The information has been provided by Shawn Beasley.
The original article can be found at: https://community.otrs.com/security-advisory-2019-03-security-update-for-otrs-framework


Details

OTRS is prone to an information disclosure vulnerability. This allows local or remote attackers to gain privileges via a malicious program in the affected application.

 

Vulnerable Systems:

  • OTRS 7.0.0
  • OTRS 7.0.4

CVE Information:

CVE-2019-9753

Disclosure Timeline:

Publish Date: 06/03/2019
