CVE-2023-38058

CVSS v3.1

4.3

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions OTRS versions 8.0.X through 8.0.34

Description An improper privilege check in the OTRS ticket move action in the agent interface allows any authenticated attacker to perform a move of a ticket without the needed permission.

Recommendations For OTRS versions 8.0.X through 8.0.34, update to version 8.0.35 or later to resolve the issue. As a temporary workaround, consider restricting access to the ticket move action in the agent interface until a patch is available.

Fix

Incorrect Authorization

Improper Privilege Management

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-863CWE-269

Related Identifiers

CVE-2023-38058

Affected Products

Otrs

CVE-2023-38058

Weakness Enumeration

Related Identifiers

Affected Products

References · 7