Permissions, Privileges, and Access Controls in OTRS - CVE-2008-7282
Published: March 18, 2011 / Updated: August 11, 2020
Vulnerability identifier: #VU45203
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2008-7282
CWE-ID: CWE-264
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: otrs.org
Affected software:
OTRS
OTRS
Detailed vulnerability description
The vulnerability allows a remote #AU# to read and manipulate data.
Kernel/Output/HTML/CustomerNewTicketQueueSelectionGeneric.pm in Open Ticket Request System (OTRS) before 2.2.6, when the CustomerPanelOwnSelection and CustomerGroupSupport options are enabled, allows remote authenticated users to bypass intended access restrictions, and perform certain (1) list and (2) write operations on queues, via unspecified vectors.
How to mitigate CVE-2008-7282
Install update from vendor's website.