Improper filtering of fields when using the export function in the ticket overview of the external interface in OTRS could allow an authorized user to download a list of tickets containing information about tickets of other customers. The problem only occurs if the TicketSearchLegacyEngine has been disabled by the administrator. This issue affects OTRS: 8.0.X, 2023.X, from 2024.X through 2024.4.x
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: OTRS

Published: 2024-07-15T07:13:49.918Z

Updated: 2024-08-01T21:41:03.955Z

Reserved: 2024-07-08T07:35:49.064Z

Link: CVE-2024-6540

cve-icon Vulnrichment

Updated: 2024-08-01T21:41:03.955Z

cve-icon NVD

Status : Modified

Published: 2024-07-15T08:15:02.743

Modified: 2024-11-21T09:49:50.857

Link: CVE-2024-6540

cve-icon Redhat

No data.