Kernel/System/Web/Request.pm in Open Ticket Request System (OTRS) before 2.3.2 creates a directory under /tmp/ with 1274 permissions, which might allow local users to bypass intended access restrictions via standard filesystem operations, related to incorrect interpretation of 0700 as a decimal value.
CPE | Name | Operator | Version |
---|---|---|---|
otrs | eq | 2.0.0 beta4 | |
otrs | eq | 2.0.0 beta2 | |
otrs | eq | 2.3.0 beta2 | |
otrs | eq | 2.1.3 | |
otrs | eq | 2.2.4 | |
otrs | eq | 2.2.5 | |
otrs | eq | 1.0.2 | |
otrs | eq | 2.1.8 | |
otrs | eq | 1.1.1 | |
otrs | eq | 2.3.0 beta1 |