Red Hat Bugzilla – Bug 506236
rt3: privilege to edit 'RT at a Glance' unintentionally granted by "ShowConfigTab" right
Last modified: 2010-03-22 14:31:43 EDT
New RT upstream versions 3.6.8 and 3.8.4 were released, mentioning following security fix:
The most important fix is that RT now requires the SuperUser
right to edit global RT at a Glance. In all previous 3.8
releases, the "ShowConfigTab" right unintentionally enabled this.
If you have not granted this right to any non-administrative user,
then this issue should not affect you.
Upstream announcements contain patches that can be used with older versions instead of moving to new upstream version.
Update to 3.6.8 for EPEL 5 is ready, but not tested yet :
rt3 3.6.8 pushed to EPEL 5 stable.