CVE-2021-21438: FAQ articles are shown to users without permission
First published: Mon Mar 22 2021(Updated: )
Agents are able to see linked FAQ articles without permissions (defined in FAQ Category). This issue affects: FAQ version 6.0.29 and prior versions, OTRS version 7.0.24 and prior versions.
Credit: security@otrs.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Otrs Faq | >=6.0.0<6.0.29 | |
| Otrs Otrs | >=7.0.0<7.0.24 |
Remedy
Update to OTRS 7.0.25.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2021-21438.
What is the severity of CVE-2021-21438?
The severity of CVE-2021-21438 is medium, with a severity value of 4.3.
Which software versions are affected by CVE-2021-21438?
FAQ version 6.0.29 and prior versions, OTRS version 7.0.24 and prior versions are affected by CVE-2021-21438.
How can agents see linked FAQ articles without permissions?
Agents can see linked FAQ articles without permissions by exploiting the vulnerability in FAQ version 6.0.29 and prior versions, OTRS version 7.0.24 and prior versions.
Is there a fix for CVE-2021-21438?
Yes, the fix for CVE-2021-21438 is available in later versions of FAQ and OTRS.
- collector/nvd-index
- agent/weakness
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/severity
- agent/author
- agent/softwarecombine
- agent/description
- agent/first-publish-date
- agent/event
- agent/tags
- vendor/otrs
- canonical/otrs faq
- version/otrs faq/6.0.0
- canonical/otrs otrs
- version/otrs otrs/7.0.0