Improper filtering of fields when using the export function in the ticket overview of the external interface in OTRS could allow an…
OTRS·CWE-790·Published 2024-07-15
Improper filtering of fields when using the export function in the ticket overview of the external interface in OTRS could allow an authorized user to download a list of tickets containing information about tickets of other customers. The problem only occurs if the TicketSearchLegacyEngine has been disabled by the administrator. This issue affects OTRS: 8.0.X, 2023.X, from 2024.X through 2024.4.x.
| CVSS version | Type | Source | Base score | Exploitability score | Impact score | Vector |
|---|---|---|---|---|---|---|
| 3.1 | Primary | cve.org | 5.7 | — | — | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N |
| 3.1 | Primary | NVD | 5.3 | 1.6 | 3.6 | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N |
| 3.1 | Secondary | NVD | 5.7 | 2.1 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N |