CVE-2008-7282

Name of the Vulnerable Software and Affected Versions Open Ticket Request System (OTRS) versions prior to 2.2.6

Description The issue allows remote authenticated users to bypass intended access restrictions and perform certain list and write operations on queues. This occurs when the CustomerPanelOwnSelection and CustomerGroupSupport options are enabled.

Recommendations For versions prior to 2.2.6, update to version 2.2.6 or later to resolve the issue. As a temporary workaround, consider disabling the CustomerPanelOwnSelection and CustomerGroupSupport options until a patch is available. Restrict access to sensitive queues to minimize the risk of exploitation.