An incorrect privilege assignment vulnerability in the inline editing functionality of OTRS can lead to privilege escalation. This flaw allows an agent with read-only permissions to gain full access to a ticket. This issue arises in very rare instances when an admin has previously enabled the setting 'RequiredLock' of 'AgentFrontend::Ticket::InlineEditing::Property###Watch' in the system configuration.This issue affects OTRS:
* 8.0.X
* 2023.X
* from 2024.X through 2024.4.x
References
Link | Resource |
---|---|
https://otrs.com/release-notes/otrs-security-advisory-2024-06/ | Vendor Advisory |
https://otrs.com/release-notes/otrs-security-advisory-2024-06/ | Vendor Advisory |
Configurations
History
21 Nov 2024, 08:58
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.2 |
References | () https://otrs.com/release-notes/otrs-security-advisory-2024-06/ - Vendor Advisory |
16 Jul 2024, 18:05
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
|
References | () https://otrs.com/release-notes/otrs-security-advisory-2024-06/ - Vendor Advisory | |
CPE | cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:* | |
First Time |
Otrs otrs
Otrs |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
CWE | NVD-CWE-noinfo |
15 Jul 2024, 11:15
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.2 |
15 Jul 2024, 08:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-07-15 08:15
Updated : 2024-11-21 08:58
NVD link : CVE-2024-23794
Mitre link : CVE-2024-23794
CVE.ORG link : CVE-2024-23794
JSON object : View
Products Affected
otrs
- otrs
CWE