CVE Vulnerabilities

CVE-2008-7277

Published: Mar 18, 2011 | Modified: Mar 22, 2011
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
6.5 MEDIUM
AV:N/AC:L/Au:S/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM

Open Ticket Request System (OTRS) before 2.3.0-beta4 checks for the rw permission, instead of the configured merge permission, during authorization of merge operations, which might allow remote authenticated users to bypass intended access restrictions by merging two tickets.

Affected Software

Name Vendor Start Version End Version
Otrs Otrs * 2.3.0 (including)
Otrs Otrs 0.5-beta1 (including) 0.5-beta1 (including)
Otrs Otrs 0.5-beta2 (including) 0.5-beta2 (including)
Otrs Otrs 0.5-beta3 (including) 0.5-beta3 (including)
Otrs Otrs 0.5-beta4 (including) 0.5-beta4 (including)
Otrs Otrs 0.5-beta5 (including) 0.5-beta5 (including)
Otrs Otrs 0.5-beta6 (including) 0.5-beta6 (including)
Otrs Otrs 0.5-beta7 (including) 0.5-beta7 (including)
Otrs Otrs 0.5-beta8 (including) 0.5-beta8 (including)
Otrs Otrs 1.0-rc1 (including) 1.0-rc1 (including)
Otrs Otrs 1.0-rc2 (including) 1.0-rc2 (including)
Otrs Otrs 1.0-rc3 (including) 1.0-rc3 (including)
Otrs Otrs 1.0.0 (including) 1.0.0 (including)
Otrs Otrs 1.0.1 (including) 1.0.1 (including)
Otrs Otrs 1.0.2 (including) 1.0.2 (including)
Otrs Otrs 1.1-rc1 (including) 1.1-rc1 (including)
Otrs Otrs 1.1.0-rc1 (including) 1.1.0-rc1 (including)
Otrs Otrs 1.1.0-rc2 (including) 1.1.0-rc2 (including)
Otrs Otrs 1.1.1 (including) 1.1.1 (including)
Otrs Otrs 1.1.2 (including) 1.1.2 (including)
Otrs Otrs 1.1.3 (including) 1.1.3 (including)
Otrs Otrs 1.1.4 (including) 1.1.4 (including)
Otrs Otrs 1.2.0-beta1 (including) 1.2.0-beta1 (including)
Otrs Otrs 1.2.0-beta2 (including) 1.2.0-beta2 (including)
Otrs Otrs 1.2.0-beta3 (including) 1.2.0-beta3 (including)
Otrs Otrs 1.2.1 (including) 1.2.1 (including)
Otrs Otrs 1.2.2 (including) 1.2.2 (including)
Otrs Otrs 1.2.3 (including) 1.2.3 (including)
Otrs Otrs 1.2.4 (including) 1.2.4 (including)
Otrs Otrs 1.3.0-beta1 (including) 1.3.0-beta1 (including)
Otrs Otrs 1.3.0-beta2 (including) 1.3.0-beta2 (including)
Otrs Otrs 1.3.0-beta3 (including) 1.3.0-beta3 (including)
Otrs Otrs 1.3.0-beta4 (including) 1.3.0-beta4 (including)
Otrs Otrs 1.3.1 (including) 1.3.1 (including)
Otrs Otrs 1.3.2 (including) 1.3.2 (including)
Otrs Otrs 1.3.3 (including) 1.3.3 (including)
Otrs Otrs 2.0.0 (including) 2.0.0 (including)
Otrs Otrs 2.0.0-beta1 (including) 2.0.0-beta1 (including)
Otrs Otrs 2.0.0-beta2 (including) 2.0.0-beta2 (including)
Otrs Otrs 2.0.0-beta4 (including) 2.0.0-beta4 (including)
Otrs Otrs 2.0.0-beta5 (including) 2.0.0-beta5 (including)
Otrs Otrs 2.0.0-beta6 (including) 2.0.0-beta6 (including)
Otrs Otrs 2.0.1 (including) 2.0.1 (including)
Otrs Otrs 2.0.2 (including) 2.0.2 (including)
Otrs Otrs 2.0.3 (including) 2.0.3 (including)
Otrs Otrs 2.0.4 (including) 2.0.4 (including)
Otrs Otrs 2.0.5 (including) 2.0.5 (including)
Otrs Otrs 2.1.0-beta1 (including) 2.1.0-beta1 (including)
Otrs Otrs 2.1.0-beta2 (including) 2.1.0-beta2 (including)
Otrs Otrs 2.1.1 (including) 2.1.1 (including)
Otrs Otrs 2.1.2 (including) 2.1.2 (including)
Otrs Otrs 2.1.3 (including) 2.1.3 (including)
Otrs Otrs 2.1.4 (including) 2.1.4 (including)
Otrs Otrs 2.1.5 (including) 2.1.5 (including)
Otrs Otrs 2.1.6 (including) 2.1.6 (including)
Otrs Otrs 2.1.7 (including) 2.1.7 (including)
Otrs Otrs 2.1.8 (including) 2.1.8 (including)
Otrs Otrs 2.1.9 (including) 2.1.9 (including)
Otrs Otrs 2.2.0-beta1 (including) 2.2.0-beta1 (including)
Otrs Otrs 2.2.0-beta2 (including) 2.2.0-beta2 (including)
Otrs Otrs 2.2.0-beta3 (including) 2.2.0-beta3 (including)
Otrs Otrs 2.2.0-beta4 (including) 2.2.0-beta4 (including)
Otrs Otrs 2.2.0-rc1 (including) 2.2.0-rc1 (including)
Otrs Otrs 2.2.1 (including) 2.2.1 (including)
Otrs Otrs 2.2.2 (including) 2.2.2 (including)
Otrs Otrs 2.2.3 (including) 2.2.3 (including)
Otrs Otrs 2.2.4 (including) 2.2.4 (including)
Otrs Otrs 2.2.5 (including) 2.2.5 (including)
Otrs Otrs 2.2.6 (including) 2.2.6 (including)
Otrs Otrs 2.2.7 (including) 2.2.7 (including)
Otrs Otrs 2.2.8 (including) 2.2.8 (including)
Otrs Otrs 2.2.9 (including) 2.2.9 (including)
Otrs Otrs 2.3.0-beta1 (including) 2.3.0-beta1 (including)
Otrs Otrs 2.3.0-beta2 (including) 2.3.0-beta2 (including)
Otrs2 Ubuntu hardy *
Otrs2 Ubuntu upstream *

References