FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

otrs -- information disclosure

Affected packages
otrs < 3.2.8

Details

VuXML ID 8b97d289-d8cf-11e2-a1f5-60a44c524f57
Discovery 2013-06-18
Entry 2013-06-19

The OTRS Project reports:

An attacker with a valid agent login could manipulate URLs in the ticket watch mechanism to see contents of tickets they are not permitted to see.

References

CVE Name CVE-2013-4088
URL http://www.otrs.com/en/open-source/community-news/security-advisories/security-advisory-2013-04/