Vigil@nce - OTRS: ticket reading via AgentTicketPhone
June 2013 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An authenticated attacker can change the URL of the ticket split
mechanism of OTRS, in order to read tickets of other users, which
can contain sensitive information.
– Impacted products: Debian, OTRS Help Desk
– Severity: 2/4
– Creation date: 22/05/2013
DESCRIPTION OF THE VULNERABILITY
Users can split an OTRS ticket into two tickets.
The AgentTicketPhone.pm module is called during ticket creation.
However, it does not check whether the user is allowed to read the
source ticket before splitting it.
An authenticated attacker can therefore change the URL of the
ticket split mechanism of OTRS, in order to read tickets of other
users, which can contain sensitive information.
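The flaw above is a missing authorization check on an object referenced by a request parameter: the split handler loads the ticket named in the URL and copies its content into the new-ticket form without first verifying that the caller may read it. The following added example (not OTRS code, and not using the OTRS API) models that pattern in Python with constructed tickets, users and queue permissions, showing a handler that reproduces the flaw next to a hardened one that checks read permission on the source ticket before exposing any of its data and records denied requests for detection.

```python
"""Added example, not OTRS code: the missing-authorization pattern behind the
ticket-split flaw, with a vulnerable and a hardened handler side by side.

The handler receives the source ticket id from a request parameter (the URL
of the split action) and prefills a new-ticket form with the source ticket's
content. The vulnerable version never checks that the caller may read the
source ticket; the fixed version does, before any ticket data is returned.
All tickets, users and permissions below are constructed for the example.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Ticket:
    ticket_id: int
    queue: str
    subject: str
    body: str


class PermissionDenied(Exception):
    """Raised when the caller lacks read access to the requested ticket."""


# Constructed sample data: two tickets in two different queues.
TICKETS = {
    1001: Ticket(1001, "Support", "Printer", "Printer on floor 2 is jammed"),
    1002: Ticket(1002, "HR", "Salary review", "Confidential: raise for employee 7"),
}

# Constructed queue-based read permissions (stands in for a group/queue ACL).
QUEUE_READERS = {
    "Support": {"alice"},
    "HR": {"bob"},
}

AUDIT_LOG = []  # constructed audit trail; one entry per denied request


def can_read(user: str, ticket: Ticket) -> bool:
    """Read permission: the user must be a reader of the ticket's queue."""
    return user in QUEUE_READERS.get(ticket.queue, set())


def split_ticket_vulnerable(user: str, params: dict) -> dict:
    """Mirrors the flaw: TicketID is taken from the request and the ticket's
    content is copied into the new-ticket form with no authorization check."""
    source = TICKETS[int(params["TicketID"])]
    return {"subject": source.subject, "body": source.body, "created_by": user}


def split_ticket_fixed(user: str, params: dict) -> dict:
    """Hardened handler: parse the id, check read permission on the source
    ticket, and only then expose its content."""
    try:
        ticket_id = int(params["TicketID"])
    except (KeyError, ValueError):
        raise PermissionDenied("TicketID missing or malformed")
    source = TICKETS.get(ticket_id)
    # Deny missing and forbidden tickets identically, so the response does
    # not reveal whether a given ticket id exists.
    if source is None or not can_read(user, source):
        AUDIT_LOG.append(f"deny split user={user} ticket={ticket_id}")
        raise PermissionDenied(f"no read permission for ticket {ticket_id}")
    return {"subject": source.subject, "body": source.body, "created_by": user}


if __name__ == "__main__":
    # alice, who may only read Support, requests a split of the HR ticket.
    request = {"TicketID": "1002"}
    print("vulnerable:", split_ticket_vulnerable("alice", request)["body"])
    try:
        split_ticket_fixed("alice", request)
    except PermissionDenied as exc:
        print("fixed:", exc)
    print("audit:", AUDIT_LOG)
```

The point of the hardened handler is the order of operations: the permission check runs on the source ticket before its content is read into the form, and the same denial is returned whether the ticket is forbidden or does not exist. The audit entries give a concrete signal to alert on, since a burst of denied split requests across many ticket ids is what probing of this kind looks like from the server side.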
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/OTRS-ticket-reading-via-AgentTicketPhone-12851