Candidate: CVE-2019-13458
PublicDate: 2019-08-21 14:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13458
 https://community.otrs.com/security-advisory-2019-12-security-update-for-otrs-framework/
Description:
 An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through
 7.0.8, and Community Edition 5.0.x through 5.0.36 and 6.0.x through 6.0.19.
 An attacker who is logged into OTRS as an agent user with appropriate
 permissions can leverage OTRS notification tags in templates in order to
 disclose hashed user passwords.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N [6.5 MEDIUM]


Patches_otrs2:
upstream_otrs2: released (6.0.20-1)
precise/esm_otrs2: DNE
trusty_otrs2: ignored (out of standard support)
trusty/esm_otrs2: DNE
xenial_otrs2: ignored (end of standard support, was needed)
bionic_otrs2: needed
cosmic_otrs2: ignored (reached end-of-life)
disco_otrs2: ignored (reached end-of-life)
eoan_otrs2: released (6.0.20-1)
focal_otrs2: released (6.0.20-1)
groovy_otrs2: released (6.0.20-1)
hirsute_otrs2: released (6.0.20-1)
impish_otrs2: released (6.0.20-1)
jammy_otrs2: released (6.0.20-1)
devel_otrs2: released (6.0.20-1)