CVE-2011-1008

Name of the Vulnerable Software and Affected Versions Best Practical Solutions RT versions prior to 3.8.9

Description The issue allows remote authenticated users to obtain sensitive information via unspecified vectors. This is demonstrated by custom-field value information, related to SQL logging, due to improper access restriction to a TicketObj in a Scrip after a CurrentUser change.

Recommendations For versions prior to 3.8.9, update to version 3.8.9 or later to resolve the issue.