CVE-2008-7276 — Otrs vulnerability

CWE-2645 documents5 sources

Severity

4.6MEDIUMNVD

EPSS

0.0%

top 89.38%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Otrs2 Otrs

Timeline

PublishedMar 18

Latest updateMay 17

Description

Kernel/System/Web/Request.pm in Open Ticket Request System (OTRS) before 2.3.2 creates a directory under /tmp/ with 1274 permissions, which might allow local users to bypass intended access restrictions via standard filesystem operations, related to incorrect interpretation of 0700 as a decimal value.

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages2 packages

▶debiandebian/otrs2< otrs2 2.3.2-1 (bullseye)

▶NVDotrs/otrs2.3.1+47

🔴Vulnerability Details

GHSA

GHSA-w48p-p38c-ph98: Kernel/System/Web/Request↗2022-05-17

▶

OSV

CVE-2008-7276: Kernel/System/Web/Request↗2011-03-18

▶

📋Vendor Advisories

Debian

CVE-2008-7276: otrs2 - Kernel/System/Web/Request.pm in Open Ticket Request System (OTRS) before 2.3.2 c...↗2008

▶

💬Community

Bugzilla

CVE-2010-0438 CVE-2010-2080 CVE-2010-3476 CVE-2011-0456 otrs: multiple vulnerabilities [fedora-epel5]↗2010-09-20

▶