Описание
Scrips_Overlay.pm in Best Practical Solutions RT before 3.8.9 does not properly restrict access to a TicketObj in a Scrip after a CurrentUser change, which allows remote authenticated users to obtain sensitive information via unspecified vectors, as demonstrated by custom-field value information, related to SQL logging.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | DNE | |
| hardy | ignored | end of life, was pending |
| karmic | ignored | end of life |
| lucid | DNE | |
| maverick | DNE | |
| natty | DNE | |
| oneiric | DNE | |
| precise | DNE | |
| quantal | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | DNE | |
| hardy | DNE | |
| karmic | ignored | end of life |
| lucid | released | 3.8.7-1ubuntu2.2 |
| maverick | released | 3.8.8-4ubuntu0.1 |
| natty | released | 3.8.10-1 |
| oneiric | not-affected | |
| precise | not-affected | |
| quantal | DNE |
Показывать по
Ссылки на источники
EPSS
4 Medium
CVSS2
Связанные уязвимости
Scrips_Overlay.pm in Best Practical Solutions RT before 3.8.9 does not properly restrict access to a TicketObj in a Scrip after a CurrentUser change, which allows remote authenticated users to obtain sensitive information via unspecified vectors, as demonstrated by custom-field value information, related to SQL logging.
Scrips_Overlay.pm in Best Practical Solutions RT before 3.8.9 does not ...
Scrips_Overlay.pm in Best Practical Solutions RT before 3.8.9 does not properly restrict access to a TicketObj in a Scrip after a CurrentUser change, which allows remote authenticated users to obtain sensitive information via unspecified vectors, as demonstrated by custom-field value information, related to SQL logging.
EPSS
4 Medium
CVSS2