LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

Shumway lands in Firefox

LWN.net Weekly Edition for October 3, 2013

Integrity and embedded devices

NUMA scheduling progress

LWN.net Weekly Edition for September 26, 2013

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

otrs2: privilege escalation

Package(s):otrs2 CVE #(s):CVE-2013-3551
Created:May 29, 2013 Updated:May 30, 2013
Description: From the Debian advisory:

A vulnerability has been discovered in the Open Ticket Request System, which can be exploited by malicious users to disclose potentially sensitive information. An attacker with a valid agent login could manipulate URLs in the ticket split mechanism to see contents of tickets and they are not permitted to see.

Alerts:
Debian DSA-2696-1 2013-05-29
Mageia MGASA-2013-0196 2013-07-01
Mandriva MDVSA-2013:188 2013-07-02
openSUSE openSUSE-SU-2013:1338-1 2013-08-14
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds