CVE-2021-21438

Summary

Agents are able to see linked FAQ articles without permissions (defined in FAQ Category). This issue affects: FAQ version 6.0.29 and prior versions, OTRS version 7.0.24 and prior versions.

Affected Software

VendorProductVersion RangeStatus
OTRS AGFAQ6.0.x <= 6.0.29affected
OTRS AGOTRSunspecified <= 7.0.24affected

Weaknesses

  • CWE-264: CWE-264 Permissions, Privileges, and Access Controls

ADP Enrichment

CVE Program Container

Additional References

References