CVE-2010-4763 (retired)

Priority
Description
The ACL-customer-status Ticket Type setting in Open Ticket Request System
(OTRS) before 3.0.0-beta1 does not restrict the ticket options after an
AJAX reload, which allows remote authenticated users to bypass intended ACL
restrictions on the (1) Status, (2) Service, and (3) Queue via selections.
Notes
Package
Source: otrs2 (LP Ubuntu Debian)
Upstream:released (3.0.0)
More Information

Updated: 2019-10-09 07:34:37 UTC (commit 33aea848a182c0afcd0a3f927a01a7ecd9a061ee)