CVE-2008-7277
Published 2011-03-18
CVE-2008-7277: Open Ticket Request System (OTRS) before 2.3.0-beta4 checks for the rw permission, instead of the configured merge permission, during authorization of merge…
Priority: P427 · medium · 6.5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
EPSS: 1.47% (70.4th percentile)
Open Ticket Request System (OTRS) before 2.3.0-beta4 checks for the rw permission, instead of the configured merge permission, during authorization of merge operations, which might allow remote authenticated users to bypass intended access restrictions by merging two tickets.
Affected
49 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | otrs2 | < otrs2 2.3.2-1 (bullseye) | otrs2 2.3.2-1 (bullseye) |
| otrs | otrs | <= 2.3.0 | — |
| otrs | otrs | — | — |
CVSS provenance
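| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
| osv | — | 6.5 | MEDIUM | — |
| vendor_debian | — | 6.5 | LOW | — |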
GHSA
GHSA-3frj-7j4q-xc89: Open Ticket Request System (OTRS) before 2
ghsa_unreviewed · 2022-05-17
CVE-2008-7277 [MEDIUM] GHSA-3frj-7j4q-xc89: Open Ticket Request System (OTRS) before 2
OSV
CVE-2008-7277: Open Ticket Request System (OTRS) before 2
osv · 2011-03-18 · CVSS 6.5
CVE-2008-7277 [MEDIUM] CVE-2008-7277: Open Ticket Request System (OTRS) before 2
Debian
CVE-2008-7277: otrs2 - Open Ticket Request System (OTRS) before 2.3.0-beta4 checks for the rw permissio...
vendor_debian · 2008 · CVSS 6.5
CVE-2008-7277 [MEDIUM] CVE-2008-7277: otrs2 - Open Ticket Request System (OTRS) before 2.3.0-beta4 checks for the rw permissio...
Scope: local
bullseye: resolved (fixed in 2.3.2-1)
No detection rules found.
No public exploits indexed.
Published: 2011-03-18