CVE-2009-5056

CVE-2009-5056 · LOW Severity

AV:N/AC:H/AU:S/C:P/I:N/A:N

Open Ticket Request System (OTRS) before 2.4.0-beta2 does not properly enforce the move_into permission setting for a queue, which allows remote authenticated users to bypass intended access restrictions and read a ticket by watching this ticket, and then selecting the ticket from the watched-tickets list.

Learn more about our User Device Pen Test.