Permissions, Privileges, and Access Controls in OTRS - CVE-2010-4761
Published: March 18, 2011 / Updated: August 11, 2020
Vulnerability identifier: #VU45211
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2010-4761
CWE-ID: CWE-264
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: otrs.org
Affected software:
OTRS
OTRS
Detailed vulnerability description
The vulnerability allows a remote #AU# to gain access to sensitive information.
The customer-interface ticket-print dialog in Open Ticket Request System (OTRS) before 3.0.0-beta3 does not properly restrict customer-visible data, which allows remote authenticated users to obtain potentially sensitive information from the (1) responsible, (2) owner, (3) accounted time, (4) pending until, and (5) lock fields by reading this dialog.
How to mitigate CVE-2010-4761
Install update from vendor's website.