CVE-2010-4761
Published 2011-03-18
Priority: P4 · 15 · medium · 4 (CVSS 2.0)
AV:N/AC:L/Au:S/C:P/I:N/A:N
EPSS: 1.29% (66.6th percentile)
The customer-interface ticket-print dialog in Open Ticket Request System (OTRS) before 3.0.0-beta3 does not properly restrict customer-visible data, which allows remote authenticated users to obtain potentially sensitive information from the (1) responsible, (2) owner, (3) accounted time, (4) pending until, and (5) lock fields by reading this dialog.
Affected
67 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | otrs2 | < otrs2 3.0.8+dfsg1-1 (bullseye) | otrs2 3.0.8+dfsg1-1 (bullseye) |
| otrs | otrs | <= 3.0.0 | — |
CVSS provenance
nvd · v2.0 · 4.0 MEDIUM · AV:N/AC:L/Au:S/C:P/I:N/A:N
osv · 4.0 MEDIUM
vendor_debian · 4.0 LOW
GHSA
CVE-2010-4761 [MEDIUM] GHSA-23mc-xgfq-qhjf
ghsa_unreviewed · 2022-05-17
OSV
CVE-2010-4761 [MEDIUM]
osv · 2011-03-18 · CVSS 4.0
Debian
CVE-2010-4761 [MEDIUM]: otrs2
vendor_debian · 2010 · CVSS 4.0
Scope: local
bullseye: resolved (fixed in 3.0.8+dfsg1-1)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2010-0438 [MEDIUM] CVE-2010-0438 CVE-2010-2080 CVE-2010-3476 CVE-2011-0456 otrs: multiple vulnerabilities [fedora-epel5]
bugzilla · 2010-09-20 · CVSS 4.3
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include the bug IDs of the
respective parent bugs filed against the "Security Response" product.
Please mention CVE ids in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=635845
Please note:
Bugzilla
CVE-2010-3439 [MEDIUM] CVE-2010-3439 alienarena: Two security issues in Quake II 3.20 (Server) (applicable to alienarena)
bugzilla · 2010-03-29 · CVSS 6.5
Richard Stanway posted on QuakeDev Forums page:
[1] http://www.quakedev.com/forums/index.php?topic=53.0
two new vulnerabilities affecting also code, as present
in Alien Arena (from [1]):
A, "Multiple auto downloading DoS conditions:
By supplying various invalid parameters to the download command,
it is possible to cause a DoS condition by causing the server to
crash. A path ending in . or / will crash on Linux. Supplying
a negative offset will cause a crash on all platforms."
Proposed patch:
[2] http://corent.proboards.com/index.cgi?action=gotopost&board=bugreport&thread=4761&post=44624
Public PoC:
[3] http://corent.proboards.com/index.cgi?action=gotopost&board=bugreport&thread=4761&post