CVE-2017-16854 in Ubuntu

CVE-2017-16854

Priority

Description

In Open Ticket Request System (OTRS) through 3.3.20, 4 through 4.0.26, 5
through 5.0.24, and 6 through 6.0.1, an attacker who is logged in as a
customer can use the ticket search form to disclose internal article
information of their customer tickets.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16854
https://www.otrs.com/security-advisory-2017-08-security-update-otrs-framework/
https://bugs.otrs.org/show_bug.cgi?id=13347

Notes

Package

Source: otrs2 (LP Ubuntu Debian)

Upstream:	released (6.0.2-1)
Ubuntu 18.04 LTS:	not-affected (6.0.5-1)
Ubuntu 20.04 LTS:	not-affected (6.0.5-1)
Ubuntu 21.10:	not-affected (6.0.5-1)
Ubuntu 22.04 LTS:	not-affected (6.0.5-1)
Ubuntu 14.04 ESM:	DNE (trusty was needed)

Patches:

More Information

Mitre
NVD
Launchpad
Debian

Updated: 2022-06-10 13:58:47 UTC (commit 22cd97abab61e5eccab4070a258ab5d6a94b972b)