Improper filtering of fields when using the export function in the ticket overview of the external interface in OTRS could allow an authorized user to download a list of tickets containing information about tickets of other customers. The problem only occurs if the TicketSearchLegacyEngine has been disabled by the administrator. This issue affects OTRS: 8.0.X, 2023.X, from 2024.X through 2024.4.x
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:NOtrs
APPOtrs8.0.0 – 2024.5.2 (bez)
Related vulnerabilities
OTRS / Community Edition: SQL injection z pominięciem uwierzytelnienia
An improper neutralization of user-controllable input in OTRS or ((OTRS)) Community Edition ticket handling al...
A Vulnerability in OTRS AgentInterface and ExternalInterface allows the reading of plain text passwords which ...
The functions to fetch e-mail via POP3 or IMAP as well as sending e-mail via SMTP use OpenSSL for static SSL o...
Improper Neutralization of commands allowed to be executed via OTRS System Configuration e.g. SchedulerCronTas...