CVE-2024-23794
published 2024-07-15CVE-2024-23794: An incorrect privilege assignment vulnerability in the inline editing functionality of OTRS can lead to privilege escalation. This flaw allows an agent with…
PriorityP345high7.5CVSS 3.1
AVNACHPRLUINSUCHIHAH
EPSS
0.27%
18.5th percentile
An incorrect privilege assignment vulnerability in the inline editing functionality of OTRS can lead to privilege escalation. This flaw allows an agent with read-only permissions to gain full access to a ticket. This issue arises in very rare instances when an admin has previously enabled the setting 'RequiredLock' of 'AgentFrontend::Ticket::InlineEditing::Property###Watch' in the system configuration.This issue affects OTRS:
* 8.0.X
* 2023.X
* from 2024.X through 2024.4.x
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| otrs | otrs | >= 8.0.0 < 2024.5.2 | 2024.5.2 |
| otrs_ag | otrs | — | — |
| otrs_ag | otrs | — | — |
| otrs_ag | otrs | 2024.x – 2024.4.x | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2024-07-15
Published