FreeBSD : otrs -- Information disclosure and Data manipulation (eae8e3cf-9dfe-11e2-ac7f-001fd056c417)
High Nessus Plugin ID 65853
SynopsisThe remote FreeBSD host is missing a security-related update.
DescriptionThe OTRS Project reports :
An attacker with a valid agent login could manipulate URLs in the object linking mechanism to see titles of tickets and other objects that are not obliged to be seen. Furthermore, links to objects without permission can be placed and removed.
SolutionUpdate the affected package.