Open Ticket Request System (OTRS) before 3.0.0-beta6 adds email-notification-ext articles to tickets during processing of event-based notifications, which allows remote authenticated users to obtain potentially sensitive information by reading a ticket.
References
Configurations
Configuration 1 (hide)
|
Information
Published : 2011-03-18 09:55
Updated : 2011-03-21 21:00
NVD link : CVE-2010-4760
Mitre link : CVE-2010-4760
JSON object : View
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
Products Affected
otrs
- otrs