DSA-2696-1 otrs2 -- privilege escalationID: oval:org.secpod.oval:def:601044 | Date: (C)2013-05-29 (M)2022-10-10 |
Class: PATCH | Family: unix |
A vulnerability has been discovered in the Open Ticket Request System, which can be exploited by malicious users to disclose potentially sensitive information. An attacker with a valid agent login could manipulate URLs in the ticket split mechanism to see contents of tickets and they are not permitted to see. The oldstable distribution , is not affected by this issue.