CVE-2008-7276
published 2011-03-18CVE-2008-7276: Kernel/System/Web/Request.pm in Open Ticket Request System (OTRS) before 2.3.2 creates a directory under /tmp/ with 1274 permissions, which might allow local…
PriorityP414medium4.6CVSS 2.0
AVLACLAuNCPIPAP
EPSS
0.30%
21.4th percentile
Kernel/System/Web/Request.pm in Open Ticket Request System (OTRS) before 2.3.2 creates a directory under /tmp/ with 1274 permissions, which might allow local users to bypass intended access restrictions via standard filesystem operations, related to incorrect interpretation of 0700 as a decimal value.
Affected
49 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | otrs2 | < otrs2 2.3.2-1 (bullseye) | otrs2 2.3.2-1 (bullseye) |
| otrs | otrs | <= 2.3.1 | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
CVSS provenance
nvdv2.04.6MEDIUMAV:L/AC:L/Au:N/C:P/I:P/A:P
osv4.6MEDIUM
vendor_debian4.6LOW
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-w48p-p38c-ph98: Kernel/System/Web/Request
ghsa_unreviewed·2022-05-17
CVE-2008-7276 [MEDIUM] GHSA-w48p-p38c-ph98: Kernel/System/Web/Request
Kernel/System/Web/Request.pm in Open Ticket Request System (OTRS) before 2.3.2 creates a directory under /tmp/ with 1274 permissions, which might allow local users to bypass intended access restrictions via standard filesystem operations, related to incorrect interpretation of 0700 as a decimal value.
OSV
CVE-2008-7276: Kernel/System/Web/Request
osv·2011-03-18·CVSS 4.6
CVE-2008-7276 [MEDIUM] CVE-2008-7276: Kernel/System/Web/Request
Kernel/System/Web/Request.pm in Open Ticket Request System (OTRS) before 2.3.2 creates a directory under /tmp/ with 1274 permissions, which might allow local users to bypass intended access restrictions via standard filesystem operations, related to incorrect interpretation of 0700 as a decimal value.
Debian
CVE-2008-7276: otrs2 - Kernel/System/Web/Request.pm in Open Ticket Request System (OTRS) before 2.3.2 c...
vendor_debian·2008·CVSS 4.6
CVE-2008-7276 [MEDIUM] CVE-2008-7276: otrs2 - Kernel/System/Web/Request.pm in Open Ticket Request System (OTRS) before 2.3.2 c...
Kernel/System/Web/Request.pm in Open Ticket Request System (OTRS) before 2.3.2 creates a directory under /tmp/ with 1274 permissions, which might allow local users to bypass intended access restrictions via standard filesystem operations, related to incorrect interpretation of 0700 as a decimal value.
Scope: local
bullseye: resolved (fixed in 2.3.2-1)
No detection rules found.
No public exploits indexed.
2011-03-18
Published