CVE-2024-23794 | OTRS up to 8.0.x/2023.x/2024.4.x Ticket Property privileges assignment

Posted by Angelo Barbosa | Jul 15, 2024 | CVE

A vulnerability, which was classified as critical, was found in OTRS up to 8.0.x/2023.x/2024.4.x. Affected is the function AgentFrontend::Ticket::InlineEditing::Property of the component Ticket Handler. The manipulation leads to incorrect privilege assignment.

This vulnerability is traded as CVE-2024-23794. It is possible to launch the attack remotely. There is no exploit available.

CVE-2024-23794 | OTRS up to 8.0.x/2023.x/2024.4.x Ticket Property privileges assignment

Related Posts

CVE-2024-23855 | Cups Easy 1.0 URL taxcodemodify.php cross site scripting

CVE-2021-47528 | Linux Kernel up to 5.15.6 usb cdnsp_endpoint_init null pointer dereference (7d94bc8e335c/37307f7020ab)

CVE-2023-6277 | LibTIFF File tif_dirread.c TIFFOpen resource consumption

CVE-2024-28045 | Delta Electronics DIAEnergie up to 1.10.00.4 cross site scripting (icsa-24-074-12)