VYPR
Unrated severityNVD Advisory· Published Jul 24, 2023· Updated Oct 17, 2024

Tickets can be moved without permissions

CVE-2023-38058

Description

An improper privilege check in the OTRS ticket move action in the agent interface allows any as agent authenticated attacker to to perform a move of an ticket without the needed permission. This issue affects OTRS: from 8.0.X before 8.0.35.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • OTRS/Otrsllm-fuzzy2 versions
    >=8.0.0, <8.0.35+ 1 more
    • (no CPE)range: >=8.0.0, <8.0.35
    • (no CPE)range: 8.0.x

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.