Candidate: CVE-2019-18179
PublicDate: 2020-01-06 20:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18179
 https://community.otrs.com/security-advisory-2019-14-security-update-for-otrs-framework/
Description:
 An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through
 7.0.12, and Community Edition 5.0.x through 5.0.38 and 6.0.x through
 6.0.23. An attacker who is logged into OTRS as an agent is able to list
 tickets assigned to other agents, even tickets in a queue where the
 attacker doesn't have permissions.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N [4.3 MEDIUM]


Patches_otrs2:
 upstream: https://github.com/OTRS/otrs/commit/fa6bf8ceed157f10791f9e199058db79b924c351 (6.x)
 upstream: https://github.com/OTRS/otrs/commit/696db4d90a1b44ce4ed0c8a4ab9d53bfa3c9836e (5.x)
upstream_otrs2: needs-triage
precise/esm_otrs2: DNE
trusty_otrs2: ignored (out of standard support)
trusty/esm_otrs2: DNE
xenial_otrs2: ignored (end of standard support, was needed)
bionic_otrs2: needed
disco_otrs2: ignored (reached end-of-life)
eoan_otrs2: ignored (reached end-of-life)
focal_otrs2: not-affected (6.0.24-1)
groovy_otrs2: not-affected (6.0.24-1)
hirsute_otrs2: not-affected (6.0.24-1)
impish_otrs2: not-affected (6.0.24-1)
jammy_otrs2: not-affected (6.0.24-1)
devel_otrs2: not-affected (6.0.24-1)