CVE-2008-7277

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2008-7277

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2008-7277.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2008-7277

Downstream

DEBIAN-CVE-2008-7277

Published

2011-03-18T16:55:01Z

Modified

2025-04-11T00:51:21Z

Summary

[none]

Details

Open Ticket Request System (OTRS) before 2.3.0-beta4 checks for the rw permission, instead of the configured merge permission, during authorization of merge operations, which might allow remote authenticated users to bypass intended access restrictions by merging two tickets.

References

http://bugs.otrs.org/show_bug.cgi?id=3045
http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807

CVE-2008-7277

Affected packages