CVE-2010-4768

Published: 18 March 2011

Open Ticket Request System (OTRS) before 2.3.5 does not properly disable hidden permissions, which allows remote authenticated users to bypass intended queue access restrictions in opportunistic circumstances by visiting a ticket, related to a certain ordering of permission-set and permission-remove operations involving both hidden permissions and other permissions.

Priority

Status

Package	Release	Status
otrs2 Launchpad, Ubuntu, Debian	dapper	Does not exist
	hardy	Ignored (end of life)
	karmic	Ignored (end of life)
	lucid	Not vulnerable
	maverick	Not vulnerable
	natty	Not vulnerable
	oneiric	Not vulnerable
	upstream	Released (2.3.5)

References

https://www.cve.org/CVERecord?id=CVE-2010-4768
NVD
Launchpad
Debian

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.