FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

otrs -- Information disclosure and Data manipulation

Affected packages
otrs < 3.1.14

Details

VuXML ID eae8e3cf-9dfe-11e2-ac7f-001fd056c417
Discovery 2013-04-02
Entry 2013-04-05

The OTRS Project reports:

An attacker with a valid agent login could manipulate URLs in the object linking mechanism to see titles of tickets and other objects that are not obliged to be seen. Furthermore, links to objects without permission can be placed and removed.

References

CVE Name CVE-2013-2625
URL http://www.otrs.com/en/open-source/community-news/security-advisories/security-advisory-2013-01/