Vigil@nce - OTRS: privilege escalation via tickets watching
July 2013 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can submit specially crafted URL to the ticket
watching module of OTRS, in order to read data the access rights
of them should make them unreadable.
Impacted products: Debian, MBS, OTRS Help Desk
Severity: 2/4
Creation date: 18/06/2013
DESCRIPTION OF THE VULNERABILITY
OTRS is an help desk tool.
An attacker can submit specially crafted URL to the ticket
watching module of OTRS, in order to read data the access rights
of them should make them unreadable.
Technical details are unknown.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/OTRS-privilege-escalation-via-tickets-watching-12988