OTRS agent might unwillingly disclose session ID
An agent logged in to OTRS can unwillingly disclose his session ID by sharing the link of an embedded ticket article.
Upgrade to the latest available OTRS patch level (https://ftp.otrs.org/pub/otrs/).
As a workaround, you can replace the affected files (see below for download).
ATTENTION: Please check if any of these files have been changed in your OTRS installation by additional add-ons. In that case you MUST NOT simply overwrite the files with the ones provided below. Please contact us instead.