CVE-2024-23794
CVSS V2 None
CVSS V3 None
Description
An incorrect privilege assignment vulnerability in the inline editing functionality of OTRS can lead to privilege escalation. This flaw allows an agent with read-only permissions to gain full access to a ticket. This issue arises in very rare instances when an admin has previously enabled the setting 'RequiredLock' of 'AgentFrontend::Ticket::InlineEditing::Property###Watch' in the system configuration.
This issue affects OTRS:
* 8.0.X
* 2023.X
* from 2024.X through 2024.4.x
Overview
- CVE ID: CVE-2024-23794
- Assigner: OTRS
- Vulnerability Status: PUBLISHED
- Published Version: 2024-07-15T07:14:09.557Z
- Last Modified Date: 2024-07-15T10:41:01.694Z
Weakness Enumerations
References
Reference URL | Reference Tags |
---|---|
https://otrs.com/release-notes/otrs-security-advisory-2024-06/ |
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-23794 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23794 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2024-07-16 13:09:06 | Added to TrackCVE |