CVE-2008-7282
First published: Fri Mar 18 2011(Updated: )
Kernel/Output/HTML/CustomerNewTicketQueueSelectionGeneric.pm in Open Ticket Request System (OTRS) before 2.2.6, when the CustomerPanelOwnSelection and CustomerGroupSupport options are enabled, allows remote authenticated users to bypass intended access restrictions, and perform certain (1) list and (2) write operations on queues, via unspecified vectors.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| OTRS | <=2.2.5 | |
| OTRS | =0.5-beta1 | |
| OTRS | =0.5-beta2 | |
| OTRS | =0.5-beta3 | |
| OTRS | =0.5-beta4 | |
| OTRS | =0.5-beta5 | |
| OTRS | =0.5-beta6 | |
| OTRS | =0.5-beta7 | |
| OTRS | =0.5-beta8 | |
| OTRS | =1.0-rc1 | |
| OTRS | =1.0-rc2 | |
| OTRS | =1.0-rc3 | |
| OTRS | =1.0.0 | |
| OTRS | =1.0.1 | |
| OTRS | =1.0.2 | |
| OTRS | =1.1-rc1 | |
| OTRS | =1.1.0-rc1 | |
| OTRS | =1.1.0-rc2 | |
| OTRS | =1.1.1 | |
| OTRS | =1.1.2 | |
| OTRS | =1.1.3 | |
| OTRS | =1.1.4 | |
| OTRS | =1.2.0-beta1 | |
| OTRS | =1.2.0-beta2 | |
| OTRS | =1.2.0-beta3 | |
| OTRS | =1.2.1 | |
| OTRS | =1.2.2 | |
| OTRS | =1.2.3 | |
| OTRS | =1.2.4 | |
| OTRS | =1.3.0-beta1 | |
| OTRS | =1.3.0-beta2 | |
| OTRS | =1.3.0-beta3 | |
| OTRS | =1.3.0-beta4 | |
| OTRS | =1.3.1 | |
| OTRS | =1.3.2 | |
| OTRS | =1.3.3 | |
| OTRS | =2.0.0 | |
| OTRS | =2.0.0-beta1 | |
| OTRS | =2.0.0-beta2 | |
| OTRS | =2.0.0-beta4 | |
| OTRS | =2.0.0-beta5 | |
| OTRS | =2.0.0-beta6 | |
| OTRS | =2.0.1 | |
| OTRS | =2.0.2 | |
| OTRS | =2.0.3 | |
| OTRS | =2.0.4 | |
| OTRS | =2.0.5 | |
| OTRS | =2.1.0-beta1 | |
| OTRS | =2.1.0-beta2 | |
| OTRS | =2.1.1 | |
| OTRS | =2.1.2 | |
| OTRS | =2.1.3 | |
| OTRS | =2.1.4 | |
| OTRS | =2.1.5 | |
| OTRS | =2.1.6 | |
| OTRS | =2.1.7 | |
| OTRS | =2.1.8 | |
| OTRS | =2.1.9 | |
| OTRS | =2.2.0-beta1 | |
| OTRS | =2.2.0-beta2 | |
| OTRS | =2.2.0-beta3 | |
| OTRS | =2.2.0-beta4 | |
| OTRS | =2.2.0-rc1 | |
| OTRS | =2.2.1 | |
| OTRS | =2.2.2 | |
| OTRS | =2.2.3 | |
| OTRS | =2.2.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2008-7282?
CVE-2008-7282 is classified as a medium severity vulnerability due to its potential to allow unauthorized access to information.
How do I fix CVE-2008-7282?
To fix CVE-2008-7282, upgrade to OTRS version 2.2.6 or later where the vulnerability has been addressed.
What software is affected by CVE-2008-7282?
CVE-2008-7282 affects multiple versions of the Open Ticket Request System (OTRS) prior to 2.2.6.
Can CVE-2008-7282 be exploited remotely?
Yes, CVE-2008-7282 can be exploited remotely by authenticated users to bypass access restrictions.
What options need to be enabled for CVE-2008-7282 to be a threat?
CVE-2008-7282 requires the CustomerPanelOwnSelection and CustomerGroupSupport options to be enabled to pose a threat.
- agent/references
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/severity
- agent/weakness
- agent/remedy
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/otrs
- canonical/otrs
- version/otrs/2.2.5
- version/otrs/0.5-beta1
- version/otrs/0.5-beta2
- version/otrs/0.5-beta3
- version/otrs/0.5-beta4
- version/otrs/0.5-beta5
- version/otrs/0.5-beta6
- version/otrs/0.5-beta7
- version/otrs/0.5-beta8
- version/otrs/1.0-rc1
- version/otrs/1.0-rc2
- version/otrs/1.0-rc3
- version/otrs/1.0.0
- version/otrs/1.0.1
- version/otrs/1.0.2
- version/otrs/1.1-rc1
- version/otrs/1.1.0-rc1
- version/otrs/1.1.0-rc2
- version/otrs/1.1.1
- version/otrs/1.1.2
- version/otrs/1.1.3
- version/otrs/1.1.4
- version/otrs/1.2.0-beta1
- version/otrs/1.2.0-beta2
- version/otrs/1.2.0-beta3
- version/otrs/1.2.1
- version/otrs/1.2.2
- version/otrs/1.2.3
- version/otrs/1.2.4
- version/otrs/1.3.0-beta1
- version/otrs/1.3.0-beta2
- version/otrs/1.3.0-beta3
- version/otrs/1.3.0-beta4
- version/otrs/1.3.1
- version/otrs/1.3.2
- version/otrs/1.3.3
- version/otrs/2.0.0
- version/otrs/2.0.0-beta1
- version/otrs/2.0.0-beta2
- version/otrs/2.0.0-beta4
- version/otrs/2.0.0-beta5
- version/otrs/2.0.0-beta6
- version/otrs/2.0.1
- version/otrs/2.0.2
- version/otrs/2.0.3
- version/otrs/2.0.4
- version/otrs/2.0.5
- version/otrs/2.1.0-beta1
- version/otrs/2.1.0-beta2
- version/otrs/2.1.1
- version/otrs/2.1.2
- version/otrs/2.1.3
- version/otrs/2.1.4
- version/otrs/2.1.5
- version/otrs/2.1.6
- version/otrs/2.1.7
- version/otrs/2.1.8
- version/otrs/2.1.9
- version/otrs/2.2.0-beta1
- version/otrs/2.2.0-beta2
- version/otrs/2.2.0-beta3
- version/otrs/2.2.0-beta4
- version/otrs/2.2.0-rc1
- version/otrs/2.2.1
- version/otrs/2.2.2
- version/otrs/2.2.3
- version/otrs/2.2.4