CVE-2010-4768
EPSS 0.14%發布日:2011/3/18修改日:2026/4/28
描述
Open Ticket Request System (OTRS) before 2.3.5 does not properly disable hidden permissions, which allows remote authenticated users to bypass intended queue access restrictions in opportunistic circumstances by visiting a ticket, related to a certain ordering of permission-set and permission-remove operations involving both hidden permissions and other permissions.
受影響套件(1)
- Debian/otrs2from 0, < 2.4.5-1