Scrips_Overlay.pm in Best Practical Solutions RT before 3.8.9 does not properly restrict access to a TicketObj in a Scrip after a CurrentUser change, which allows remote authenticated users to obtain sensitive information via unspecified vectors, as demonstrated by custom-field value information, related to SQL logging.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2011-02-28T15:00:00
Updated: 2021-02-25T16:06:21
Reserved: 2011-02-14T00:00:00
Link: CVE-2011-1008
JSON object: View
NVD Information
Status : Modified
Published: 2011-02-28T16:00:01.680
Modified: 2023-11-07T02:06:55.897
Link: CVE-2011-1008
JSON object: View
Redhat Information
No data.
CWE