CVE-2009-5056 (retired)

Priority
Description
Open Ticket Request System (OTRS) before 2.4.0-beta2 does not properly
enforce the move_into permission setting for a queue, which allows remote
authenticated users to bypass intended access restrictions and read a
ticket by watching this ticket, and then selecting the ticket from the
watched-tickets list.
Notes
Package
Source: otrs2 (LP Ubuntu Debian)
Upstream:released (2.4.0)
More Information

Updated: 2019-10-09 07:23:38 UTC (commit 33aea848a182c0afcd0a3f927a01a7ecd9a061ee)