Unrated severityNVD Advisory· Published Mar 18, 2011· Updated Jun 16, 2026
CVE-2010-4768
CVE-2010-4768
Description
Open Ticket Request System (OTRS) before 2.3.5 does not properly disable hidden permissions, which allows remote authenticated users to bypass intended queue access restrictions in opportunistic circumstances by visiting a ticket, related to a certain ordering of permission-set and permission-remove operations involving both hidden permissions and other permissions.
Affected products
81cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*+ 80 more
- cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*range: <=2.3.4
- cpe:2.3:a:otrs:otrs:0.5:beta1:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:0.5:beta2:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:0.5:beta3:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:0.5:beta4:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:0.5:beta5:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:0.5:beta6:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:0.5:beta7:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:0.5:beta8:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:1.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:1.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:1.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:1.1.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:1.1.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:1.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:1.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:1.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:1.1:rc1:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:1.2.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:1.2.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:1.2.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:1.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:1.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:1.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:1.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:1.3.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:1.3.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:1.3.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:1.3.0:beta4:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:1.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:1.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:1.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.0.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.0.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.0.0:beta4:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.0.0:beta5:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.0.0:beta6:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.1.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.1.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.1.7:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.1.8:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.1.9:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.2.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.2.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.2.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.2.0:beta4:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.2.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.2.8:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.2.9:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.3.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.3.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.3.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.3.0:beta4:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.3.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.3.3:*:*:*:*:*:*:*
- (no CPE)range: <2.3.5
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.