cbcvebase.
CVE-2024-23794
published 2024-07-15

CVE-2024-23794: An incorrect privilege assignment vulnerability in the inline editing functionality of OTRS can lead to privilege escalation. This flaw allows an agent with…

PriorityP345high7.5CVSS 3.1
AVNACHPRLUINSUCHIHAH
EPSS
0.27%
18.5th percentile
An incorrect privilege assignment vulnerability in the inline editing functionality of OTRS can lead to privilege escalation. This flaw allows an agent with read-only permissions to gain full access to a ticket. This issue arises in very rare instances when an admin has previously enabled the setting 'RequiredLock' of 'AgentFrontend::Ticket::InlineEditing::Property###Watch' in the system configuration.This issue affects OTRS: * 8.0.X * 2023.X * from 2024.X through 2024.4.x

Affected

4 ranges
VendorProductVersion rangeFixed in
otrsotrs>= 8.0.0 < 2024.5.22024.5.2
otrs_agotrs
otrs_agotrs
otrs_agotrs2024.x – 2024.4.x
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.