Security Advisory

CVE-2009-5056

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2011-03-18 16:00:00

Last updated 2024-09-16 18:34:52

Assigner mitre

State PUBLISHED

Description

Open Ticket Request System (OTRS) before 2.4.0-beta2 does not properly enforce the move_into permission setting for a queue, which allows remote authenticated users to bypass intended access restrictions and read a ticket by watching this ticket, and then selecting the ticket from the watched-tickets list.

← Browse all CVEs View on cve.org ↗