PT-2021-21117 · Otrs Ag · Otrs
Published: 2021-10-18 · Updated: 2022-10-27 · CVE-2021-36097
CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions:
OTRS AG OTRS versions 8.0.16 and prior versions.
Description:
The issue allows agents to lock tickets without the "Owner" permission. Once a ticket is locked, it can be moved to a queue where the agent has "rw" permissions, granting them full control.
Recommendations:
For OTRS AG OTRS versions 8.0.16 and prior versions, update to a version that contains a fix for this issue to prevent agents from locking tickets without the necessary permissions.
Fix
Incorrect Privilege Assignment
Affected Products
Otrs