Candidate: CVE-2018-10198
PublicDate: 2018-06-06 20:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10198
 https://community.otrs.com/security-advisory-2018-01-security-update-for-otrs-framework
 https://community.otrs.com/security-advisory-2018-01-security-update-for-otrs-framework/
Description:
 An issue was discovered in OTRS 6.0.x before 6.0.7. An attacker who is
 logged into OTRS as a customer can use the ticket overview screen to
 disclose internal article information of their customer tickets.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N [4.3 MEDIUM]


Patches_otrs2:
 other: https://github.com/OTRS/otrs/commit/9f5f09e4eef283c2f38c003ba0685b77234750d1
upstream_otrs2: released (6.0.7-1)
precise/esm_otrs2: DNE
trusty_otrs2: ignored (reached end-of-life)
trusty/esm_otrs2: DNE (trusty was needs-triage)
xenial_otrs2: ignored (end of standard support, was needs-triage)
artful_otrs2: ignored (reached end-of-life)
bionic_otrs2: needs-triage
cosmic_otrs2: not-affected (6.0.7-1)
disco_otrs2: not-affected (6.0.7-1)
eoan_otrs2: not-affected (6.0.7-1)
focal_otrs2: not-affected (6.0.7-1)
groovy_otrs2: not-affected (6.0.7-1)
hirsute_otrs2: not-affected (6.0.7-1)
impish_otrs2: not-affected (6.0.7-1)
jammy_otrs2: not-affected (6.0.7-1)
devel_otrs2: not-affected (6.0.7-1)