Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 473844 (CVE-2013-4088) - <www-apps/otrs-3.2.8: Ticket Watch Mechanism Security Bypass Vulnerability (CVE-2013-4088)
Summary: <www-apps/otrs-3.2.8: Ticket Watch Mechanism Security Bypass Vulnerability (C...
Alias: CVE-2013-4088
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal trivial (vote)
Assignee: Gentoo Security
Whiteboard: ~4 [noglsa]
Depends on:
Reported: 2013-06-19 15:46 UTC by Agostino Sarubbo
Modified: 2015-08-14 01:07 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2013-06-19 15:46:37 UTC
From ${URL} :

A vulnerability has been reported in OTRS, which can be exploited by 
malicious users to bypass certain security restrictions.

The vulnerability is caused due to the application not properly 
verifying permissions when accessing tickets via the ticket watch 
mechanism and can be exploited to disclose contents of otherwise 
inaccessible tickets.

The vulnerability is reported in versions 3.2.x prior to 3.2.8, 3.1.x 
prior to 3.1.17, and 3.0.x prior to 3.0.21.

Update to version 3.2.8, 3.1.17, or 3.0.21.

Provided and/or discovered by
Reported by the vendor.

Original Advisory

@maintainer(s): after the bump, in case we need to stabilize the package, please say explicitly if it is ready for the stabilization or not.
Comment 1 Kristian Fiskerstrand (RETIRED) gentoo-dev 2014-08-26 19:33:49 UTC
@Maintainers: Please clean up vulnerable versions (and ACK doing so on this bug report). Setting cleanup+; Maintainer timeout in 30 days.
Comment 2 Chris Reffett (RETIRED) gentoo-dev Security 2015-08-14 01:07:32 UTC
Cleanup done.