CVE-2008-7277
EPSS 0.20%
Description
Open Ticket Request System (OTRS) before 2.3.0-beta4 checks for the rw permission, instead of the configured merge permission, during authorization of merge operations, which might allow remote authenticated users to bypass intended access restrictions by merging two tickets.
How to fix CVE-2008-7277
To remediate CVE-2008-7277, upgrade the affected package to a fixed version listed below.
- Debian/otrs2—upgrade to 2.3.2-1 or later
Is CVE-2008-7277 being exploited?
Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- Debian/otrs2: from 0, < 2.3.2-1