CVE-2010-4768

EPSS 0.14%

Published: 3/18/2011Modified: 4/28/2026

Also known as:DEBIAN-CVE-2010-4768

Description

Open Ticket Request System (OTRS) before 2.3.5 does not properly disable hidden permissions, which allows remote authenticated users to bypass intended queue access restrictions in opportunistic circumstances by visiting a ticket, related to a certain ordering of permission-set and permission-remove operations involving both hidden permissions and other permissions.

Affected packages (1)

Debian/otrs2from 0, < 2.4.5-1

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2010-4768