CVE-2018-10198

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2018-10198

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-10198.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2018-10198

Related

UBUNTU-CVE-2018-10198

Published

2018-06-06T20:29:00Z

Modified

2025-01-08T04:56:03.019474Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

An issue was discovered in OTRS 6.0.x before 6.0.7. An attacker who is logged into OTRS as a customer can use the ticket overview screen to disclose internal article information of their customer tickets.

References

Affected packages

Debian:11 / otrs2

Package

Name: otrs2
Purl: pkg:deb/debian/otrs2?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.0.7-1

Affected versions

2.*

2.0.4p01-6

2.0.4p01-7

2.0.4p01-8

2.0.4p01-9

2.0.4p01-10

2.0.4p01-11

2.0.4p01-12

2.0.4p01-13

2.0.4p01-14

2.0.4p01-14.1

2.0.4p01-15

2.0.4p01-16

2.0.4p01-17

2.0.4p01-18

2.0.99beta1-1

2.0.99beta1-2

2.1.1-1

2.1.3-1

2.1.4-1

2.1.4-2

2.1.5-1

2.1.5-2

2.1.5-3

2.1.6-1

2.1.7-1

2.1.7-2

2.2.0~beta2-1

2.2.0~beta3-1

2.2.1-1

2.2.2-1

2.2.3-1

2.2.4-1

2.2.5-1

2.2.5-2

2.2.6-1

2.2.7-1

2.2.7-2

2.2.7-2lenny1

2.2.7-2lenny2

2.2.7-2lenny3

2.2.7-3

2.3.2-1

2.3.2-2

2.3.3-1

2.3.4-1

2.3.4-2

2.3.4-3

2.3.4-4

2.3.4-5

2.3.4-6

2.3.4-7

2.4.5-1

2.4.5-2

2.4.5-3

2.4.5-4

2.4.5-5

2.4.6-1

2.4.6-2

2.4.7-1

2.4.7-2

2.4.7-3

2.4.7-4

2.4.7-5

2.4.7-6

2.4.7+dfsg1-1

2.4.8+dfsg1-1

2.4.9+dfsg1-1

2.4.9+dfsg1-2

2.4.9+dfsg1-3

2.4.9+dfsg1-3+squeeze1

2.4.9+dfsg1-3+squeeze3

2.4.9+dfsg1-3+squeeze4

2.4.9+dfsg1-3+squeeze5

2.4.9+dfsg1-4

2.4.9+dfsg1-5

2.4.10+dfsg1-1

2.4.10+dfsg1-2

2.4.10+dfsg1-3

3.*

3.0.8+dfsg1-1

3.0.9+dfsg1-1

3.0.10+dfsg1-1

3.0.10+dfsg1-2

3.0.11+dfsg1-1

3.1.0~beta4+dfsg1-1

3.1.0~beta5+dfsg1-1

3.1.0~rc1+dfsg1-1

3.1.1+dfsg1-1

3.1.1+dfsg1-2

3.1.2+dfsg1-1

3.1.2+dfsg1-2

3.1.2+dfsg1-3

3.1.3+dfsg1-1

3.1.3+dfsg1-2

3.1.4+dfsg1-1

3.1.5+dfsg1-1

3.1.5+dfsg1-2

3.1.5+dfsg1-3

3.1.6+dfsg1-1

3.1.7+dfsg1-1

3.1.7+dfsg1-2

3.1.7+dfsg1-3

3.1.7+dfsg1-4

3.1.7+dfsg1-5

3.1.7+dfsg1-6

3.1.7+dfsg1-7

3.1.7+dfsg1-8

3.1.8+dfsg1-1

3.1.9+dfsg1-1

3.1.10+dfsg1-1

3.1.11+dfsg1-1

3.1.12+dfsg1-1

3.1.12+dfsg1-2

3.1.12+dfsg1-3

3.2.1+dfsg1-1

3.2.2+dfsg1-1

3.2.3+dfsg1-1

3.2.4-1

3.2.5-1

3.2.6-1

3.2.6-2

3.2.7-1

3.2.7-2

3.2.8-1

3.2.9-1

3.2.9-2

3.2.10-1

3.2.10-2

3.2.11-1~bpo70+1

3.2.11-1

3.2.12-1

3.3.1-1

3.3.2-1

3.3.3-1

3.3.3-2

3.3.3-3

3.3.4-1

3.3.5-1

3.3.6-1

3.3.7-1

3.3.7-2

3.3.8-1

3.3.9-1

3.3.9-2

3.3.9-3~bpo70+1

3.3.9-3

3.3.10-1

3.3.11-1

3.3.18-1~deb7u1

3.3.18-1~deb7u2

3.3.18-1~deb7u3

4.*

4.0.5-1

4.0.5-2

4.0.6-1

4.0.7-1

4.0.7-2

4.0.8-1

4.0.9-1

4.0.10-1

4.0.11-1

4.0.12-1

4.0.13-1~bpo8+1

4.0.13-1

5.*

5.0.1-1

5.0.1-2

5.0.2-1

5.0.3-1

5.0.5-1

5.0.6-1~bpo8+1

5.0.6-1

5.0.7-1

5.0.8-1~bpo8+1

5.0.8-1

5.0.8+dfsg1-1

5.0.9+dfsg1-1

5.0.9+repack1-1

5.0.10-1~bpo8+1

5.0.10-1

5.0.11-1

5.0.12-1

5.0.13-1~bpo8+1

5.0.13-1

5.0.13-2

5.0.14-1~bpo8+1

5.0.14-1

5.0.15-1

5.0.16-1~bpo8+1

5.0.16-1

5.0.17-1

5.0.18-1

5.0.19-1

5.0.20-1

5.0.21-1~bpo9+1

5.0.21-1

5.0.22-1

5.0.23-1~bpo9+1

5.0.23-1

5.0.24-1~bpo9+1

5.0.24-1

6.*

6.0.1-1

6.0.2-1

6.0.3-1

6.0.4-1

6.0.5-1

6.0.6-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/otrs/otrs

Affected ranges

Type: GIT
Repo: https://github.com/otrs/otrs
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

ba286f5bbef1ef47b866e9f365ca2412c649619c

Affected versions

Other

rel-1_0_0-RC1

rel-1_0_0-RC2

rel-1_0_0-RC3

rel-1_0_0_rc1

rel-1_0_0_rc2

rel-1_0_0_rc3

rel-1_1_0-RC1

rel-1_1_0-RC2

rel-1_1_0_rc1

rel-1_1_0_rc2

rel-1_2_0-b1

rel-1_2_0-b2

rel-1_2_0-b3

rel-1_2_0_beta1

rel-1_2_0_beta2

rel-1_2_0_beta3

rel-1_2_1

rel-2_0_0-b1

rel-2_0_0_beta1

rel-2_0_1

rel-2_0_2

rel-2_0_3

rel-2_1_0-b1

rel-2_1_0-b2

rel-2_1_0_beta1

rel-2_1_0_beta2

rel-2_1_1

rel-2_1_2

rel-2_1_3

rel-2_2_0-b1

rel-2_2_0-b2

rel-2_2_0-b3

rel-2_2_0-b4

rel-2_2_0_beta1

rel-2_2_0_beta2

rel-2_2_0_beta3

rel-2_2_0_beta4

rel-2_2_1

rel-2_2_2

rel-2_3_1

rel-2_3_2

rel-2_4_0-b2

rel-2_4_0-b3

rel-2_4_0-b4

rel-2_4_0-b6

rel-2_4_0_beta2

rel-2_4_0_beta3

rel-2_4_0_beta4

rel-2_4_0_beta6

rel-2_4_1

rel-2_4_2

rel-2_4_3

rel-2_4_4

rel-3_0_0-b2

rel-3_0_0-b3

rel-3_0_0-b4

rel-3_0_0-b5

rel-3_0_0-b7

rel-3_0_0_beta2

rel-3_0_0_beta3

rel-3_0_0_beta4

rel-3_0_0_beta5

rel-3_0_0_beta7

rel-3_0_1

rel-3_0_2

rel-3_0_3

rel-3_0_4

rel-3_1_0-b1

rel-3_1_0-b3

rel-3_1_0-b4

rel-3_1_0-b5

rel-3_1_0-rc1

rel-3_1_0_beta1

rel-3_1_0_beta3

rel-3_1_0_beta4

rel-3_1_0_beta5

rel-3_1_0_rc1

rel-3_1_2

rel-3_1_4

rel-3_2_0_beta1

rel-3_2_0_beta2

rel-3_2_0_beta3

rel-3_2_0_beta4

rel-3_2_0_beta5

rel-3_2_0_rc1

rel-3_2_1

rel-3_2_2

rel-3_2_3

rel-3_2_4

rel-3_3_0_beta1

rel-3_3_0_beta2

rel-3_3_0_beta3

rel-3_3_0_beta4

rel-3_3_0_beta5

rel-3_3_0_rc1

rel-3_3_1

rel-4_0_0_beta1

rel-4_0_0_beta2

rel-4_0_0_beta3

rel-4_0_0_beta4

rel-4_0_0_beta5

rel-4_0_0_rc1

rel-5_0_0_alpha1

rel-5_0_0_beta1

rel-5_0_0_beta2

rel-5_0_0_beta3

rel-6_0_0_alpha1

rel-6_0_0_beta1

rel-6_0_0_beta2

rel-6_0_0_beta3

rel-6_0_0_beta4

rel-6_0_0_beta5

rel-6_0_0_rc1

rel-6_0_5

rel-6_0_6