CVE-2010-4763

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2010-4763

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2010-4763.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2010-4763

Downstream

DEBIAN-CVE-2010-4763

Published

2011-03-18T16:55:01Z

Modified

2026-04-10T03:41:33.658117Z

Summary

[none]

Details

The ACL-customer-status Ticket Type setting in Open Ticket Request System (OTRS) before 3.0.0-beta1 does not restrict the ticket options after an AJAX reload, which allows remote authenticated users to bypass intended ACL restrictions on the (1) Status, (2) Service, and (3) Queue via selections.

References

http://bugs.otrs.org/show_bug.cgi?id=4399
http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807

CVE-2010-4763

Affected packages