• Severity: low
• Products affected: ((OTRS)) Community Edition
• Versions affected: all versions prior to and including 6.0.38

In ((OTRS)) Community Edition version 6.0.38 and earlier, through a crafted URL, an agent can access the contents of a form draft created for a ticket that the agent is not allowed to read.

Users of the affected versions are encouraged to upgrade ((OTRS)) Community Edition to the most recent version (6.0.39).