CVE-2019-18179
First published: Mon Jan 06 2020(Updated: )
An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.12, and Community Edition 5.0.x through 5.0.38 and 6.0.x through 6.0.23. An attacker who is logged into OTRS as an agent is able to list tickets assigned to other agents, even tickets in a queue where the attacker doesn't have permissions.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| OTRS | >=5.0.0<=5.0.38 | |
| OTRS | >=6.0.0<=6.0.23 | |
| OTRS | >=7.0.0<=7.0.12 | |
| Debian | =8.0 | |
| openSUSE Backports | =15.0 | |
| openSUSE Backports | =15.0-sp1 | |
| openSUSE Backports | =15.0-sp2 | |
| SUSE Linux | =15.1 | |
| SUSE Linux | =15.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html
- https://community.otrs.com/security-advisory-2019-14-security-update-for-otrs-framework/
- https://lists.debian.org/debian-lts-announce/2020/01/msg00000.html
- https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html
Frequently Asked Questions
What is the severity of CVE-2019-18179?
CVE-2019-18179 is classified as a moderate severity vulnerability due to its potential for information disclosure.
How do I fix CVE-2019-18179?
To fix CVE-2019-18179, upgrade OTRS to version 7.0.13 or later for 7.0.x, version 6.0.24 or later for 6.0.x, or version 5.0.39 or later for 5.0.x.
Who is affected by CVE-2019-18179?
CVE-2019-18179 affects OTRS versions 7.0.x through 7.0.12, 6.0.x through 6.0.23, and 5.0.x through 5.0.38.
What kind of attack does CVE-2019-18179 enable?
CVE-2019-18179 enables an attacker, who is logged in as an agent, to view tickets assigned to other agents across different queues.
Is CVE-2019-18179 present in community editions of OTRS?
Yes, CVE-2019-18179 affects both the standard and community editions of OTRS within the specified version ranges.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/remedy
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- agent/author
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/otrs
- canonical/otrs
- version/otrs/5.0.0
- version/otrs/5.0.38
- version/otrs/6.0.0
- version/otrs/6.0.23
- version/otrs/7.0.0
- version/otrs/7.0.12
- vendor/debian
- canonical/debian
- version/debian/8.0
- vendor/opensuse
- canonical/opensuse backports
- version/opensuse backports/15.0
- version/opensuse backports/15.0-sp1
- version/opensuse backports/15.0-sp2
- canonical/suse linux
- version/suse linux/15.1
- version/suse linux/15.2