oss-security - CVE Request: Insecure Direct Object Reference in OSTicket attachments

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [day] [month] [year] [list]

Date: Tue, 19 Apr 2016 14:57:56 +0100
From: Fábio Pires <mail@...iopires.pt>
To: oss-security@...ts.openwall.com
Subject: CVE Request: Insecure Direct Object Reference in OSTicket attachments

Hey guys,

Can you assign a CVE ID for this Insecure Direct Object Reference in
OSTicket attachments ?

https://labs.integrity.pt/advisories/insecure-direct-object-reference-in-osticket-attachments/

References:

    https://github.com/osTicket/osTicket-1.8/issues/2615
    https://github.com/osTicket/osTicket-1.8/pull/2618


Regards
-- 
-- 
*Fábio Pires*
*Country*: Portugal
*www.fabiopires.pt
<http://www.fabiopires.pt/>**<https://www.linkedin.com/in/fabiolspires>*
==
This email was signed automatically with PGP. If you want to exchange
encrypted messages, please search for my PGP key:
*Key*: 0x33524373


Content of type "text/html" skipped

Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.