VDB

DEBIAN-CVE-2019-12746

DEBIAN-CVE-2019-12746 PUBLISHED CVSS 6.5 MEDIUM

An issue was discovered in Open Ticket Request System (OTRS) Community Edition 5.0.x through 5.0.36 and 6.0.x through 6.0.19. A user logged into OTRS as an agent might unknowingly disclose their session ID by sharing the link of an embedded ticket article with third parties. This identifier can be then be potentially abused in order to impersonate the agent user.

Risk Scores

CVSS 3.1
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Affected Products

VendorProductVersions
Debian:11otrs20, 2.0.4, 2.0.4

Timeline

  • Aug 21, 2019 CVE Published
  • Apr 28, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›