Описание
Open Ticket Request System (OTRS) before 2.4.0-beta2 does not properly enforce the move_into permission setting for a queue, which allows remote authenticated users to bypass intended access restrictions and read a ticket by watching this ticket, and then selecting the ticket from the watched-tickets list.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | not-affected | |
| hardy | ignored | end of life |
| karmic | ignored | end of life |
| lucid | not-affected | |
| maverick | not-affected | |
| natty | not-affected | |
| oneiric | not-affected | |
| upstream | released | 2.4.0 |
Показывать по
Ссылки на источники
2.1 Low
CVSS2
Связанные уязвимости
Open Ticket Request System (OTRS) before 2.4.0-beta2 does not properly enforce the move_into permission setting for a queue, which allows remote authenticated users to bypass intended access restrictions and read a ticket by watching this ticket, and then selecting the ticket from the watched-tickets list.
Open Ticket Request System (OTRS) before 2.4.0-beta2 does not properly ...
Open Ticket Request System (OTRS) before 2.4.0-beta2 does not properly enforce the move_into permission setting for a queue, which allows remote authenticated users to bypass intended access restrictions and read a ticket by watching this ticket, and then selecting the ticket from the watched-tickets list.
2.1 Low
CVSS2