FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

otrs -- information disclosure

Affected packages
otrs < 3.2.7

Details

VuXML ID a5b24a6b-c37c-11e2-addb-60a44c524f57
Discovery 2013-05-22
Entry 2013-05-23

The OTRS Project reports:

An attacker with a valid agent login could manipulate URLs in the ticket split mechanism to see contents of tickets and they are not permitted to see.

References

CVE Name CVE-2013-3551
URL http://www.otrs.com/en/open-source/community-news/security-advisories/security-advisory-2013-03/