Information disclosure in Debian Linux - CVE-2019-18179
Published: January 6, 2020 / Updated: August 8, 2020
Vulnerability identifier: #VU34902
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2019-18179
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Debian
Affected software:
Debian Linux
Debian Linux
Detailed vulnerability description
The vulnerability allows a remote authenticated user to gain access to sensitive information.
An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.12, and Community Edition 5.0.x through 5.0.38 and 6.0.x through 6.0.23. An attacker who is logged into OTRS as an agent is able to list tickets assigned to other agents, even tickets in a queue where the attacker doesn't have permissions.
How to mitigate CVE-2019-18179
Install update from vendor's website.