CVE-2022-3501: OTRS Security Advisory 2022-14 | OTRS
Article template contents with sensitive data could be accessed by agents without permissions.
Release Note
Please read carefully and check if the version of your OTRS system is affected by this vulnerability.
Please send information regarding vulnerabilities in OTRS to: [email protected]
PGP Key
- pub 2048R/9C227C6B 2011-03-21
- uid OTRS Security Team <[email protected]>
- GPG Fingerprint E330 4608 DA6E 34B7 1551 C244 7F9E 44E9 9C22 7C6B
Security Advisory Details
- ID: OSA-2022-14
- Date: 2022-10-17
- Title: Information exposure of template content due to missing check of permissions
- Severity: 3.5 LOW
- Product: OTRS 8.0.x
- Fixed in: OTRS 8.0.26
- FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
- References: CVE-2022-3501
OSA-2022-14 Information exposure of template content due to missing check of permissions (CVE-2022-3501)
PRODUCT AFFECTED:
This issue affects
OTRS 8.0.x
PROBLEM:
Article template contents with sensitive data could be accessed by agents without permissions.
This issue was seen during production usage.
This issue has been assigned CVE-2022-3501.
SOLUTION:
Update to OTRS 8.0.26
MODIFICATION HISTORY:
2022-10-17: Initial Publication.
CVE-2022-3501 at cve.org
CVSS SCORE:
3.5 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N)
RISK LEVEL:
LOW