# osTicket

## **Introduction**

> * Open-source support ticketing system
> * The core function of osTicket is to inform the company's employees about a problem so that a problem can be solved with the service or other components
> * osTicket version 1.14.1 suffers from CVE-2020-24881 which was an SSRF vulnerability. If exploited, this type of flaw may be leveraged to gain access to internal resources or perform internal port scanning.
> * Aside from web application-related vulnerabilities, support portals can sometimes be used to obtain an email address for a company domain, which can be used to sign up for other exposed applications requiring an email verification to be sent.