Improper filtering of fields when using the export function in the ticket overview of the external interface in OTRS could allow an authorized user to download a list of tickets containing information about tickets of other customers. The problem only occurs if the TicketSearchLegacyEngine has been disabled by the administrator.
This issue affects OTRS: 8.0.X, 2023.X, from 2024.X through 2024.4.x
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: OTRS
Published: 2024-07-15T07:13:49.918Z
Updated: 2024-08-01T21:41:03.955Z
Reserved: 2024-07-08T07:35:49.064Z
Link: CVE-2024-6540
Vulnrichment
Updated: 2024-08-01T21:41:03.955Z
NVD
Status : Modified
Published: 2024-07-15T08:15:02.743
Modified: 2024-11-21T09:49:50.857
Link: CVE-2024-6540
Redhat
No data.