CVE-2009-5056
EPSS 0.16%發布日:2011/3/18修改日:2026/4/28
描述
Open Ticket Request System (OTRS) before 2.4.0-beta2 does not properly enforce the move_into permission setting for a queue, which allows remote authenticated users to bypass intended access restrictions and read a ticket by watching this ticket, and then selecting the ticket from the watched-tickets list.
受影響套件(1)
- Debian/otrs2from 0, < 2.4.5-1