CVE-2009-5056 — Improper Input Validation in Otrs

CWE-20 — Improper Input Validation CWE-841 — Improper Enforcement of Behavioral Workflow6 documents6 sources

Severity

2.1LOWNVD

EPSS

0.2%

top 63.13%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Otrs2 Otrs

Timeline

PublishedMar 18

Latest updateMay 2

Description

Open Ticket Request System (OTRS) before 2.4.0-beta2 does not properly enforce the move_into permission setting for a queue, which allows remote authenticated users to bypass intended access restrictions and read a ticket by watching this ticket, and then selecting the ticket from the watched-tickets list.

CVSS vector

AV:N/AC:H/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages2 packages

▶debiandebian/otrs2< otrs2 2.4.5-1 (bullseye)

▶NVDotrs/otrs2.4.0+53

🔴Vulnerability Details

GHSA

GHSA-pxq2-55c8-f947: Open Ticket Request System (OTRS) before 2↗2022-05-02

▶

OSV

CVE-2009-5056: Open Ticket Request System (OTRS) before 2↗2011-03-18

▶

📋Vendor Advisories

Debian

CVE-2009-5056: otrs2 - Open Ticket Request System (OTRS) before 2.4.0-beta2 does not properly enforce t...↗2009

▶

📐Framework References

CWE

Improper Enforcement of Behavioral Workflow↗

▶

💬Community

Bugzilla

CVE-2010-0438 CVE-2010-2080 CVE-2010-3476 CVE-2011-0456 otrs: multiple vulnerabilities [fedora-epel5]↗2010-09-20

▶