Описание
Agents are able to lock the ticket without the "Owner" permission. Once the ticket is locked, it could be moved to the queue where the agent has "rw" permissions and gain a full control. This issue affects: OTRS AG OTRS 8.0.x version: 8.0.16 and prior versions.
Ссылки
- Release NotesVendor Advisory
- Release NotesVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 8.0.0 (включая) до 8.0.16 (включая)
cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*
EPSS
Процентиль: 30%
0.00115
Низкий
3.5 Low
CVSS3
4.3 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-266
NVD-CWE-noinfo
Связанные уязвимости
CVSS3: 3.5
debian
больше 4 лет назад
Agents are able to lock the ticket without the "Owner" permission. Onc ...
CVSS3: 4.3
github
больше 3 лет назад
Agents are able to lock the ticket without the "Owner" permission. Once the ticket is locked, it could be moved to the queue where the agent has "rw" permissions and gain a full control. This issue affects: OTRS AG OTRS 8.0.x version: 8.0.16 and prior versions.
EPSS
Процентиль: 30%
0.00115
Низкий
3.5 Low
CVSS3
4.3 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-266
NVD-CWE-noinfo