Security Advisory

CVE-2021-36097

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-10-18 07:00:13

Last updated 2024-09-16 22:51:23

Assigner OTRS

State PUBLISHED

Description

Agents are able to lock the ticket without the "Owner" permission. Once the ticket is locked, it could be moved to the queue where the agent has "rw" permissions and gain a full control. This issue affects: OTRS AG OTRS 8.0.x version: 8.0.16 and prior versions.

← Browse all CVEs View on cve.org ↗