First published: Mon Jul 15 2024(Updated: )
An incorrect privilege assignment vulnerability in the inline editing functionality of OTRS can lead to privilege escalation. This flaw allows an agent with read-only permissions to gain full access to a ticket. This issue arises in very rare instances when an admin has previously enabled the setting 'RequiredLock' of 'AgentFrontend::Ticket::InlineEditing::Property###Watch' in the system configuration.This issue affects OTRS: * 8.0.X * 2023.X * from 2024.X through 2024.4.x
Credit: security@otrs.com
Affected Software | Affected Version | How to fix |
---|---|---|
OTRS | >=8.0.0<2024.5.2 |
Update to OTRS 2024.5.2
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2024-23794 is classified as a high severity vulnerability due to its potential for privilege escalation.
To fix CVE-2024-23794, update OTRS to a version greater than 2024.5.2 or apply any available security patches.
CVE-2024-23794 can allow agents with read-only permissions to gain full access to tickets, compromising security.
CVE-2024-23794 affects OTRS versions from 8.0.0 up to 2024.5.2.
OTRS administrator and agent users are primarily affected by CVE-2024-23794 due to the privilege escalation capability.