PT-2025-2648 · Otrs · Otrs

Published: 2025-01-27 · Updated: 2025-01-27 · CVE-2024-43446

CVSS v3.1: 3.5 (Low)

Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

OTRS versions 6.0.x through 8.0.x

OTRS versions 2023.x through 2024.x

Description

An improper privilege management issue in the OTRS Generic Interface module allows users with read-only permissions to change the ticket status. This issue may affect products based on the OTRS Community Edition.

Recommendations

For OTRS versions 6.0.x, consider restricting access to the Generic Interface module until a fix is available. For OTRS versions 7.0.x, 8.0.x, 2023.x, and 2024.x, restrict the use of the Generic Interface module to minimize the risk of exploitation. As a temporary workaround, consider disabling the functionality that allows ticket status changes through the Generic Interface module until a patch is available.

Fix

Weakness Enumeration

Improper Privilege Management

Related Identifiers

CVE-2024-43446

Affected Products

Otrs