| Summary: | <www-apps/otrs-3.2.7: Ticket Split Mechanism Vulnerability (CVE-2013-3551) | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | trivial | CC: | patrick, web-apps |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://secunia.com/advisories/53496/ | ||
| Whiteboard: | ~4 [noglsa] | ||
| Package list: | Runtime testing required: | --- | |
@Maintainers: Please clean up vulnerable versions (and ACK doing so on this bug report). Setting cleanup+; Maintainer timeout in 30 days.? + 07 Dec 2014; Kristian Fiskerstrand <k_f@gentoo.org> -otrs-3.2.4.ebuild, + -otrs-3.2.5.ebuild, -otrs-3.2.6.ebuild: + Security cleanup for bug #471096 due to maintainer timeout + |
From ${URL} : Description A vulnerability has been reported in OTRS and OTRS ITSM, which can be exploited by malicious users to disclose potentially sensitive information. The vulnerability is caused to an error when handling URLs related to the ticket split mechanism, which can be exploited to disclose otherwise restricted ticket contents. Successful exploitation requires a valid agent login. The vulnerability is reported in the following products and versions: * OTRS versions 3.2.x through 3.2.6, 3.1.x through 3.1.15, and 3.0.x through 3.0.19. * OTRS ITSM versions 3.2.x through 3.2.4, 3.1.x through 3.1.8, and 3.0.x through 3.0.7. Solution Update to a fixed version. Further details available to Secunia VIM customers Provided and/or discovered by Reported by the vendor. Original Advisory http://www.otrs.com/en/open-source/community-news/security-advisories/security-advisory-2013-03/ @maintainer(s): after the bump, in case we need to stabilize the package, please say explicitly if it is ready for the stabilization or not.