Mandriva Linux Security Advisory 2013-188 - Updated otrs package fixes security vulnerabilities. An attacker with a valid agent login could manipulate URLs in the ticket watch mechanism to see contents of tickets they are not permitted to see.
7d19a09f24ad02fd41db8729335c14e2fe8c6d59b8cc21103605f7e53a251c40
Debian Linux Security Advisory 2712-1 - It was discovered that users with a valid agent login could use crafted URLs to bypass access control restrictions and read tickets to which they should not have access.
504cb290f51c608d9200e113c25d5724ba25dd33673d69731fea9e871839de69