Last modified: 2012-02-08 02:10:39 UTC
Details here: http://otrs-wiki.wikimedia.org/wiki/Volunteers%27_noticeboard#Security_vulnerability
Reported upstream to the OTRS security contact. I'll post here the result. Also, I've informed TStarling of the upstream report, just in case this *is* a local configuration issue.
Upstream per TStarling.
Could any information about the progress of this bug be posted on the otrs-wiki? This is a security-issue concerning the privacy of all OTRS-Agents, so a mere 'Resolved, Resolution Later' is a bit poor as the only progress within 2 weeks.
What's the status on this? I'd like to assume whatever it was got fixed, but... asking is better. I would file a followup in the internal RT tracker, but my password appears to have been lost and there's no reset system so I can't get in.
Maybe it would help to update OTRS to the latest version *hides* It's on the xmas wishlist of the OTRS team.
Bumping up priority, though I'm not sure what the issue is since I don't currently have access to OTRS wiki.
...and after further investigation, it appears this one was fixed shortly after it was reported.