← Back

CVE-2008-7277

nvd nist
Published: Mar 18, 2011Modified: Apr 29, 2026

JSON object

Loading...
6.5
Vector
AV:N/AC:L/Au:S/C:P/I:P/A:P
Exploitability: 8.0 / Impact: 6.4
Source: NVD

Description

Open Ticket Request System (OTRS) before 2.3.0-beta4 checks for the rw permission, instead of the configured merge permission, during authorization of merge operations, which might allow remote authenticated users to bypass intended access restrictions by merging two tickets.

Affected (74)

Products: Otrs: Otrs
Otrs
1 product
Otrs
Configuration A
74 vulnerable
Vulnerable SoftwareAffected Versions
Otrs
Otrs
Up to 2.3.0
Otrs
Version 0.5 beta1
Otrs
Version 0.5 beta2
Otrs
Version 0.5 beta3
Otrs
Version 0.5 beta4
Otrs
Version 0.5 beta5
Otrs
Version 0.5 beta6
Otrs
Version 0.5 beta7
Otrs
Version 0.5 beta8
Otrs
Version 1.0.0
Otrs
Version 1.0.1
Otrs
Version 1.0.2
Otrs
Version 1.0 rc1
Otrs
Version 1.0 rc2
Otrs
Version 1.0 rc3
Otrs
Version 1.1.0 rc1
Otrs
Version 1.1.0 rc2
Otrs
Version 1.1.1
Otrs
Version 1.1.2
Otrs
Version 1.1.3
Otrs
Version 1.1.4
Otrs
Version 1.1 rc1
Otrs
Version 1.2.0 beta1
Otrs
Version 1.2.0 beta2
Otrs
Version 1.2.0 beta3
Otrs
Version 1.2.1
Otrs
Version 1.2.2
Otrs
Version 1.2.3
Otrs
Version 1.2.4
Otrs
Version 1.3.0 beta1
Otrs
Version 1.3.0 beta2
Otrs
Version 1.3.0 beta3
Otrs
Version 1.3.0 beta4
Otrs
Version 1.3.1
Otrs
Version 1.3.2
Otrs
Version 1.3.3
Otrs
Version 2.0.0
Otrs
Version 2.0.0 beta1
Otrs
Version 2.0.0 beta2
Otrs
Version 2.0.0 beta4
Otrs
Version 2.0.0 beta5
Otrs
Version 2.0.0 beta6
Otrs
Version 2.0.1
Otrs
Version 2.0.2
Otrs
Version 2.0.3
Otrs
Version 2.0.4
Otrs
Version 2.0.5
Otrs
Version 2.1.0 beta1
Otrs
Version 2.1.0 beta2
Otrs
Version 2.1.1
Otrs
Version 2.1.2
Otrs
Version 2.1.3
Otrs
Version 2.1.4
Otrs
Version 2.1.5
Otrs
Version 2.1.6
Otrs
Version 2.1.7
Otrs
Version 2.1.8
Otrs
Version 2.1.9
Otrs
Version 2.2.0 beta1
Otrs
Version 2.2.0 beta2
Otrs
Version 2.2.0 beta3
Otrs
Version 2.2.0 beta4
Otrs
Version 2.2.0 rc1
Otrs
Version 2.2.1
Otrs
Version 2.2.2
Otrs
Version 2.2.3
Otrs
Version 2.2.4
Otrs
Version 2.2.5
Otrs
Version 2.2.6
Otrs
Version 2.2.7
Otrs
Version 2.2.8
Otrs
Version 2.2.9
Otrs
Version 2.3.0 beta1
Otrs
Version 2.3.0 beta2

Related CWEs

CWE-264
CWE-264

References (4)

Source: cve@mitre.org
Patch
Source: cve@mitre.org
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.