CVE-2024-6540— Information exlosure in external interface

Information exlosure in external interface

Improper filtering of fields when using the export function in the ticket overview of the external interface in OTRS could allow an authorized user to download a list of tickets containing information about tickets of other customers. The problem only occurs if the TicketSearchLegacyEngine has been disabled by the administrator. This issue affects OTRS: 8.0.X, 2023.X, from 2024.X through 2024.4.x

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

特殊元素过滤不恰当

OTRS 安全漏洞

OTRS是德国OTRS公司的一个应用软件。一个服务管理软件。 OTRS存在安全漏洞，该漏洞源于字段过滤不当，可能会允许授权用户下载包含其他客户工单信息的工单列表。

N/A

N/A