CVE-2009-5056
Published 2011-03-18
Priority: P4 · 11 · low
CVSS 2.0: 2.1 (AV:N/AC:H/Au:S/C:P/I:N/A:N)
EPSS: 0.89% (54.9th percentile)
Open Ticket Request System (OTRS) before 2.4.0-beta2 does not properly enforce the move_into permission setting for a queue, which allows remote authenticated users to bypass intended access restrictions and read a ticket by watching this ticket, and then selecting the ticket from the watched-tickets list.
Affected
55 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | otrs2 | < otrs2 2.4.5-1 (bullseye) | otrs2 2.4.5-1 (bullseye) |
| otrs | otrs | <= 2.4.0 | — |
| otrs | otrs | — | — |
CVSS provenance
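| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 2.1 | LOW | AV:N/AC:H/Au:S/C:P/I:N/A:N |
| osv | — | 2.1 | LOW | — |
| vendor_debian | — | 2.1 | LOW | — |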
Debian
CVE-2009-5056: otrs2 - Open Ticket Request System (OTRS) before 2.4.0-beta2 does not properly enforce t...
vendor_debian·2009·CVSS 2.1
Scope: local
bullseye: resolved (fixed in 2.4.5-1)
GHSA
GHSA-pxq2-55c8-f947: Open Ticket Request System (OTRS) before 2
ghsa_unreviewed·2022-05-02
CVE-2009-5056 [LOW] CWE-20 GHSA-pxq2-55c8-f947: Open Ticket Request System (OTRS) before 2
OSV
CVE-2009-5056: Open Ticket Request System (OTRS) before 2
osv·2011-03-18·CVSS 2.1
No detection rules found.
No public exploits indexed.
Published: 2011-03-18