Описание
An improper privilege management vulnerability in OTRS Generic Interface module allows change of the Ticket status even if the user only has ro permissions.
This issue affects:
-
OTRS 7.0.X
-
OTRS 8.0.X
-
OTRS 2023.X
-
OTRS 2024.X
-
((OTRS)) Community Edition: 6.0.x
Products based on the ((OTRS)) Community Edition also very likely to be affected
EPSS
Процентиль: 19%
0.00061
Низкий
3.5 Low
CVSS3
Дефекты
CWE-269
Связанные уязвимости
CVSS3: 3.5
github
около 1 года назад
An improper privilege management vulnerability in OTRS Generic Interface module allows change of the Ticket status even if the user only has ro permissions. This issue affects: * OTRS 7.0.X * OTRS 8.0.X * OTRS 2023.X * OTRS 2024.X * ((OTRS)) Community Edition: 6.0.x Products based on the ((OTRS)) Community Edition also very likely to be affected
EPSS
Процентиль: 19%
0.00061
Низкий
3.5 Low
CVSS3
Дефекты
CWE-269