| Summary: | <www-apps/otrs-3.2.8: Ticket Watch Mechanism Security Bypass Vulnerability (CVE-2013-4088) | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | trivial | CC: | patrick, web-apps |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://secunia.com/advisories/53851/ | ||
| Whiteboard: | ~4 [noglsa] | ||
| Package list: | Runtime testing required: | --- | |
@Maintainers: Please clean up vulnerable versions (and ACK doing so on this bug report). Setting cleanup+; Maintainer timeout in 30 days. Cleanup done. |
From ${URL} : Description A vulnerability has been reported in OTRS, which can be exploited by malicious users to bypass certain security restrictions. The vulnerability is caused due to the application not properly verifying permissions when accessing tickets via the ticket watch mechanism and can be exploited to disclose contents of otherwise inaccessible tickets. The vulnerability is reported in versions 3.2.x prior to 3.2.8, 3.1.x prior to 3.1.17, and 3.0.x prior to 3.0.21. Solution Update to version 3.2.8, 3.1.17, or 3.0.21. Provided and/or discovered by Reported by the vendor. Original Advisory http://www.otrs.com/en/open-source/community-news/security-advisories/security-advisory-2013-04/ @maintainer(s): after the bump, in case we need to stabilize the package, please say explicitly if it is ready for the stabilization or not.