Medium severity6.5NVD Advisory· Published Aug 21, 2019· Updated Jun 17, 2026
CVE-2019-12746
CVE-2019-12746
Description
An issue was discovered in Open Ticket Request System (OTRS) Community Edition 5.0.x through 5.0.36 and 6.0.x through 6.0.19. A user logged into OTRS as an agent might unknowingly disclose their session ID by sharing the link of an embedded ticket article with third parties. This identifier can be then be potentially abused in order to impersonate the agent user.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
8- OTRS/Open Ticket Request System Community Editiondescription
- Range: 5.0.x through 5.0.36, 6.0.x through 6.0.19
- osv-coords5 versionspkg:rpm/opensuse/otrs&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/otrs&distro=openSUSE%20Leap%2015.2pkg:rpm/suse/otrs&distro=SUSE%20Package%20Hub%2015pkg:rpm/suse/otrs&distro=SUSE%20Package%20Hub%2015%20SP1pkg:rpm/suse/otrs&distro=SUSE%20Package%20Hub%2015%20SP2
< 5.0.42-bp151.3.3.1+ 4 more
- (no CPE)range: < 5.0.42-bp151.3.3.1
- (no CPE)range: < 6.0.29-bp152.2.5.4
- (no CPE)range: < 5.0.42-bp151.3.3.1
- (no CPE)range: < 5.0.42-bp151.3.3.1
- (no CPE)range: < 6.0.29-bp152.2.5.4
Patches
Vulnerability mechanics
References
7- community.otrs.com/security-advisory-2019-10-security-update-for-otrs-framework/nvdPatchVendor Advisory
- lists.debian.org/debian-lts-announce/2019/08/msg00018.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.htmlnvdBroken Link
- lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.htmlnvdBroken Link
- lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.htmlnvdBroken Link
- www.otrs.com/category/release-and-security-notes-en/nvdRelease Notes
- lists.debian.org/debian-lts-announce/2023/08/msg00040.htmlnvd
News mentions
0No linked articles in our index yet.