Search
Find a vulnerability
Search criteria
2 vulnerabilities found for OTRS by Accessing template content without permissions
CVE-2022-3501 (GCVE-0-2022-3501)
Vulnerability from nvd – Published: 2022-10-17 08:55 – Updated: 2025-05-10 02:54
VLAI
EPSS
VEX
Title
Information exposure of template content due to missing check of permissions
Summary
Article template contents with sensitive data could be accessed from agents without permissions.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-200 - Information Exposure
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Accessing template content without permissions | OTRS |
Affected:
8.0.x , ≤ 8.0.25
(custom)
|
Date Public
2022-10-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:14:02.427Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2022-14/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-3501",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-10T02:54:22.279923Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-10T02:54:36.517Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "OTRS",
"vendor": "Accessing template content without permissions",
"versions": [
{
"lessThanOrEqual": "8.0.25",
"status": "affected",
"version": "8.0.x",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-10-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Article template contents with sensitive data could be accessed from agents without permissions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Information Exposure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-17T00:00:00.000Z",
"orgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"shortName": "OTRS"
},
"references": [
{
"url": "https://otrs.com/release-notes/otrs-security-advisory-2022-14/"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to OTRS 8.0.26"
}
],
"source": {
"advisory": "OSA-2022-14",
"defect": [
"2022090142001791"
],
"discovery": "USER"
},
"title": "Information exposure of template content due to missing check of permissions",
"x_generator": {
"engine": "vulnogram 0.1.0-rc1"
}
}
},
"cveMetadata": {
"assignerOrgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"assignerShortName": "OTRS",
"cveId": "CVE-2022-3501",
"datePublished": "2022-10-17T08:55:11.089Z",
"dateReserved": "2022-10-14T00:00:00.000Z",
"dateUpdated": "2025-05-10T02:54:36.517Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3501 (GCVE-0-2022-3501)
Vulnerability from cvelistv5 – Published: 2022-10-17 08:55 – Updated: 2025-05-10 02:54
VLAI
EPSS
VEX
Title
Information exposure of template content due to missing check of permissions
Summary
Article template contents with sensitive data could be accessed from agents without permissions.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-200 - Information Exposure
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Accessing template content without permissions | OTRS |
Affected:
8.0.x , ≤ 8.0.25
(custom)
|
Date Public
2022-10-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:14:02.427Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2022-14/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-3501",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-10T02:54:22.279923Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-10T02:54:36.517Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "OTRS",
"vendor": "Accessing template content without permissions",
"versions": [
{
"lessThanOrEqual": "8.0.25",
"status": "affected",
"version": "8.0.x",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-10-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Article template contents with sensitive data could be accessed from agents without permissions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Information Exposure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-17T00:00:00.000Z",
"orgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"shortName": "OTRS"
},
"references": [
{
"url": "https://otrs.com/release-notes/otrs-security-advisory-2022-14/"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to OTRS 8.0.26"
}
],
"source": {
"advisory": "OSA-2022-14",
"defect": [
"2022090142001791"
],
"discovery": "USER"
},
"title": "Information exposure of template content due to missing check of permissions",
"x_generator": {
"engine": "vulnogram 0.1.0-rc1"
}
}
},
"cveMetadata": {
"assignerOrgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"assignerShortName": "OTRS",
"cveId": "CVE-2022-3501",
"datePublished": "2022-10-17T08:55:11.089Z",
"dateReserved": "2022-10-14T00:00:00.000Z",
"dateUpdated": "2025-05-10T02:54:36.517Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}