Описание
Scrips_Overlay.pm in Best Practical Solutions RT before 3.8.9 does not properly restrict access to a TicketObj in a Scrip after a CurrentUser change, which allows remote authenticated users to obtain sensitive information via unspecified vectors, as demonstrated by custom-field value information, related to SQL logging.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| request-tracker3.8 | fixed | 3.8.10-1 | package | |
| request-tracker3.8 | fixed | 3.8.8-7+squeeze1 | squeeze | package |
| request-tracker3.6 | fixed | 3.6.7-5+lenny6 | lenny | package |
EPSS
Связанные уязвимости
Scrips_Overlay.pm in Best Practical Solutions RT before 3.8.9 does not properly restrict access to a TicketObj in a Scrip after a CurrentUser change, which allows remote authenticated users to obtain sensitive information via unspecified vectors, as demonstrated by custom-field value information, related to SQL logging.
Scrips_Overlay.pm in Best Practical Solutions RT before 3.8.9 does not properly restrict access to a TicketObj in a Scrip after a CurrentUser change, which allows remote authenticated users to obtain sensitive information via unspecified vectors, as demonstrated by custom-field value information, related to SQL logging.
Scrips_Overlay.pm in Best Practical Solutions RT before 3.8.9 does not properly restrict access to a TicketObj in a Scrip after a CurrentUser change, which allows remote authenticated users to obtain sensitive information via unspecified vectors, as demonstrated by custom-field value information, related to SQL logging.
EPSS