Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2008-7277HistoryOct 03, 2022 - 4:13 p.m.
CVE-2008-7277
2022-10-0316:13:53
Debian Security Bug Tracker
security-tracker.debian.org
9
otrs
authorization
vulnerability
merge
tickets
unix
6.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.002 Low
EPSS
Percentile
59.4%
Open Ticket Request System (OTRS) before 2.3.0-beta4 checks for the rw permission, instead of the configured merge permission, during authorization of merge operations, which might allow remote authenticated users to bypass intended access restrictions by merging two tickets.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 11 | all | otrs2 | < 2.3.2-1 | otrs2_2.3.2-1_all.deb |
Related
nvd
nvd
CVE-2008-7277
2011-03-18 16:55:01
cve
cve
CVE-2008-7277
2022-10-03 16:13:53
openvas
openvas
OTRS < 2.3.0-beta4 Merge Operations Restriction Bypass Vulnerability
2013-09-20 00:00:00
cvelist
cvelist
CVE-2008-7277
2022-10-03 16:13:53
ubuntucve
ubuntucve
CVE-2008-7277
2011-03-18 00:00:00
prion
prion
Design/Logic Flaw
2011-03-18 16:55:00
6.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.002 Low
EPSS
Percentile
59.4%
Related for DEBIANCVE:CVE-2008-7277