Red Hat Bugzilla – Bug 506881
rt3: privilege to edit 'RT at a Glance' unintentionally granted by "ShowConfigTab" right
Last modified: 2009-06-19 01:39:33 EDT
+++ This bug was initially created as a clone of Bug #506236 +++
New RT upstream versions 3.6.8 and 3.8.4 were released, mentioning the following security fix:
The most important fix is that RT now requires the SuperUser
right to edit global RT at a Glance. In all previous 3.8
releases, the "ShowConfigTab" right unintentionally enabled this.
If you have not granted this right to any non-administrative user,
then this issue should not affect you.
Upstream announcements contain patches that can be used with older versions instead of moving to a new upstream version.
Fixed by upgrading to rt-3.8.4 on rawhide.