CVE-2024-23794 - Vulnerability Details - OpenCVE

An incorrect privilege assignment vulnerability in the inline editing functionality of OTRS can lead to privilege escalation. This flaw allows an agent with read-only permissions to gain full access to a ticket. This issue arises in very rare instances when an admin has previously enabled the setting 'RequiredLock' of 'AgentFrontend::Ticket::InlineEditing::Property###Watch' in the system configuration.This issue affects OTRS:

* 8.0.X
* 2023.X
* from 2024.X through 2024.4.x

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00107.

Key SSVC decision points have not yet been added.

Vendors	Products
Otrs	Otrs

Configuration 1 [-]

cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2024-21247	An incorrect privilege assignment vulnerability in the inline editing functionality of OTRS can lead to privilege escalation. This flaw allows an agent with read-only permissions to gain full access to a ticket. This issue arises in very rare instances when an admin has previously enabled the setting 'RequiredLock' of 'AgentFrontend::Ticket::InlineEditing::Property###Watch' in the system configuration.This issue affects OTRS: * 8.0.X * 2023.X * from 2024.X through 2024.4.x

Fixes

Solution

Update to OTRS 2024.5.2

Workaround

deactivate RequiredLock of AgentFrontend::Ticket::InlineEditing::Property###Watch or disable Ticket::Permission###1-OwnerCheck

References

Link	Providers
https://otrs.com/release-notes/otrs-security-advisory-2024-06/

History

No history.

MITRE

Status: PUBLISHED

Assigner: OTRS

Published: 2024-07-15T07:14:09.557Z

Updated: 2024-08-01T23:13:07.432Z

Reserved: 2024-01-22T10:32:00.705Z

Link: CVE-2024-23794

Vulnrichment

Updated: 2024-08-01T23:13:07.432Z

NVD

Status : Modified

Published: 2024-07-15T08:15:02.470

Modified: 2024-11-21T08:58:25.990

Link: CVE-2024-23794

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-23794", "assignerOrgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8", "state": "PUBLISHED", "assignerShortName": "OTRS", "dateReserved": "2024-01-22T10:32:00.705Z", "datePublished": "2024-07-15T07:14:09.557Z", "dateUpdated": "2024-08-01T23:13:07.432Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "modules": ["inline editing"], "product": "OTRS", "vendor": "OTRS AG", "versions": [{"status": "affected", "version": "8.0.x"}, {"status": "affected", "version": "2023.x"}, {"lessThanOrEqual": "2024.4.x", "status": "affected", "version": "2024.x", "versionType": "Patch"}]}], "configurations": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The sub setting RequiredLock of AgentFrontend::Ticket::InlineEditing::Property###Watch has to be activated by an administrator first and Ticket::Permission###1-OwnerCheck is enabled (default)<br><h2><br></h2><br>"}], "value": "The sub setting RequiredLock of AgentFrontend::Ticket::InlineEditing::Property###Watch has to be activated by an administrator first and Ticket::Permission###1-OwnerCheck is enabled (default)\n\n"}], "datePublic": "2024-07-15T07:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "An incorrect privilege assignment vulnerability in the inline editing functionality of OTRS can lead to privilege escalation. This flaw allows an agent with read-only permissions to gain full access to a ticket. This issue arises in very rare instances when an admin has previously enabled the setting 'RequiredLock' of 'AgentFrontend::Ticket::InlineEditing::Property###Watch' in the system configuration.<p>This issue affects OTRS: </p><ul><li>8.0.X</li><li>2023.X</li><li>from 2024.X through 2024.4.x</li></ul>"}], "value": "An incorrect privilege assignment vulnerability in the inline editing functionality of OTRS can lead to privilege escalation. This flaw allows an agent with read-only permissions to gain full access to a ticket. This issue arises in very rare instances when an admin has previously enabled the setting 'RequiredLock' of 'AgentFrontend::Ticket::InlineEditing::Property###Watch' in the system configuration.This issue affects OTRS:\u00a0\n\n * 8.0.X\n * 2023.X\n * from 2024.X through 2024.4.x\n\n"}], "impacts": [{"capecId": "CAPEC-233", "descriptions": [{"lang": "en", "value": "CAPEC-233 Privilege Escalation"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-266", "description": "CWE-266 Incorrect Privilege Assignment", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8", "shortName": "OTRS", "dateUpdated": "2024-07-15T10:41:01.694Z"}, "references": [{"url": "https://otrs.com/release-notes/otrs-security-advisory-2024-06/"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Update to OTRS 2024.5.2<br>"}], "value": "Update to OTRS 2024.5.2\n"}], "source": {"advisory": "OSA-2024-06", "defect": ["Issue#2409", "Ticket#2024042342000433"], "discovery": "USER"}, "title": "Agents are able to lock the ticket without the \"Owner\" permission", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "deactivate RequiredLock of AgentFrontend::Ticket::InlineEditing::Property###Watch or disable Ticket::Permission###1-OwnerCheck<br>"}], "value": "deactivate RequiredLock of AgentFrontend::Ticket::InlineEditing::Property###Watch or disable Ticket::Permission###1-OwnerCheck\n"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-16T14:46:31.889829Z", "id": "CVE-2024-23794", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-17T14:27:36.468Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:13:07.432Z"}, "title": "CVE Program Container", "references": [{"url": "https://otrs.com/release-notes/otrs-security-advisory-2024-06/", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://otrs.com/release-notes/otrs-security-advisory-2024-06/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:13:07.432Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-23794", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-16T14:46:31.889829Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-16T14:46:51.360Z"}}], "cna": {"title": "Agents are able to lock the ticket without the \"Owner\" permission", "source": {"defect": ["Issue#2409", "Ticket#2024042342000433"], "advisory": "OSA-2024-06", "discovery": "USER"}, "impacts": [{"capecId": "CAPEC-233", "descriptions": [{"lang": "en", "value": "CAPEC-233 Privilege Escalation"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.2, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "OTRS AG", "modules": ["inline editing"], "product": "OTRS", "versions": [{"status": "affected", "version": "8.0.x"}, {"status": "affected", "version": "2023.x"}, {"status": "affected", "version": "2024.x", "versionType": "Patch", "lessThanOrEqual": "2024.4.x"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Update to OTRS 2024.5.2\n", "supportingMedia": [{"type": "text/html", "value": "Update to OTRS 2024.5.2<br>", "base64": false}]}], "datePublic": "2024-07-15T07:00:00.000Z", "references": [{"url": "https://otrs.com/release-notes/otrs-security-advisory-2024-06/"}], "workarounds": [{"lang": "en", "value": "deactivate RequiredLock of AgentFrontend::Ticket::InlineEditing::Property###Watch or disable Ticket::Permission###1-OwnerCheck\n", "supportingMedia": [{"type": "text/html", "value": "deactivate RequiredLock of AgentFrontend::Ticket::InlineEditing::Property###Watch or disable Ticket::Permission###1-OwnerCheck<br>", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "An incorrect privilege assignment vulnerability in the inline editing functionality of OTRS can lead to privilege escalation. This flaw allows an agent with read-only permissions to gain full access to a ticket. This issue arises in very rare instances when an admin has previously enabled the setting 'RequiredLock' of 'AgentFrontend::Ticket::InlineEditing::Property###Watch' in the system configuration.This issue affects OTRS:\u00a0\n\n * 8.0.X\n * 2023.X\n * from 2024.X through 2024.4.x\n\n", "supportingMedia": [{"type": "text/html", "value": "An incorrect privilege assignment vulnerability in the inline editing functionality of OTRS can lead to privilege escalation. This flaw allows an agent with read-only permissions to gain full access to a ticket. This issue arises in very rare instances when an admin has previously enabled the setting 'RequiredLock' of 'AgentFrontend::Ticket::InlineEditing::Property###Watch' in the system configuration.<p>This issue affects OTRS: </p><ul><li>8.0.X</li><li>2023.X</li><li>from 2024.X through 2024.4.x</li></ul>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-266", "description": "CWE-266 Incorrect Privilege Assignment"}]}], "configurations": [{"lang": "en", "value": "The sub setting RequiredLock of AgentFrontend::Ticket::InlineEditing::Property###Watch has to be activated by an administrator first and Ticket::Permission###1-OwnerCheck is enabled (default)\n\n", "supportingMedia": [{"type": "text/html", "value": "The sub setting RequiredLock of AgentFrontend::Ticket::InlineEditing::Property###Watch has to be activated by an administrator first and Ticket::Permission###1-OwnerCheck is enabled (default)<br><h2><br></h2><br>", "base64": false}]}], "providerMetadata": {"orgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8", "shortName": "OTRS", "dateUpdated": "2024-07-15T10:41:01.694Z"}}}, "cveMetadata": {"cveId": "CVE-2024-23794", "state": "PUBLISHED", "dateUpdated": "2024-08-01T23:13:07.432Z", "dateReserved": "2024-01-22T10:32:00.705Z", "assignerOrgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8", "datePublished": "2024-07-15T07:14:09.557Z", "assignerShortName": "OTRS"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*", "matchCriteriaId": "9E122DB1-85DB-4430-A8C2-1B599364FD1F", "versionEndExcluding": "2024.5.2", "versionStartIncluding": "8.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An incorrect privilege assignment vulnerability in the inline editing functionality of OTRS can lead to privilege escalation. This flaw allows an agent with read-only permissions to gain full access to a ticket. This issue arises in very rare instances when an admin has previously enabled the setting 'RequiredLock' of 'AgentFrontend::Ticket::InlineEditing::Property###Watch' in the system configuration.This issue affects OTRS:\u00a0\n\n * 8.0.X\n * 2023.X\n * from 2024.X through 2024.4.x\n\n"}, {"lang": "es", "value": "Una vulnerabilidad de asignaci\u00f3n de privilegios incorrecta en la funcionalidad de edici\u00f3n en l\u00ednea de OTRS puede provocar una escalada de privilegios. Esta falla permite que un agente con permisos de solo lectura obtenga acceso completo a un ticket. Este problema surge en casos muy raros cuando un administrador ha habilitado previamente la configuraci\u00f3n 'RequiredLock' de 'AgentFrontend::Ticket::InlineEditing::Property###Watch' en la configuraci\u00f3n del sistema. Este problema afecta a OTRS: * 8.0.X * 2023.X * desde 2024.X hasta 2024.4.x"}], "id": "CVE-2024-23794", "lastModified": "2024-11-21T08:58:25.990", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 4.2, "source": "security@otrs.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-07-15T08:15:02.470", "references": [{"source": "security@otrs.com", "tags": ["Vendor Advisory"], "url": "https://otrs.com/release-notes/otrs-security-advisory-2024-06/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://otrs.com/release-notes/otrs-security-advisory-2024-06/"}], "sourceIdentifier": "security@otrs.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-266"}], "source": "security@otrs.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}