An improper privilege check in the OTRS ticket move action in the agent interface allows any as agent authenticated attacker to to perform a move of an ticket without the needed permission.
This issue affects OTRS: from 8.0.X before 8.0.35.
Metrics
Affected Vendors & Products
References
History
Thu, 17 Oct 2024 13:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: OTRS
Published: 2023-07-24T08:28:03.242Z
Updated: 2024-10-17T13:03:11.116Z
Reserved: 2023-07-12T08:05:38.780Z
Link: CVE-2023-38058
Vulnrichment
Updated: 2024-08-02T17:30:13.987Z
NVD
Status : Modified
Published: 2023-07-24T09:15:10.003
Modified: 2024-11-21T08:12:46.147
Link: CVE-2023-38058
Redhat
No data.