How severe is CVE-2024-23794?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2024-23794?

This is classified as CWE-266, which is a common weakness in software security.

CVE-2024-23794 - HIGH Severity | CVSS 7.5

Vulnerability Description

An incorrect privilege assignment vulnerability in the inline editing functionality of OTRS can lead to privilege escalation. This flaw allows an agent with read-only permissions to gain full access to a ticket. This issue arises in very rare instances when an admin has previously enabled the setting 'RequiredLock' of 'AgentFrontend::Ticket::InlineEditing::Property###Watch' in the system configuration.This issue affects OTRS: * 8.0.X * 2023.X * from 2024.X through 2024.4.x

Related Vulnerabilities

CVE-2019-14819

HIGH

CVSS:7.5(High)

A flaw was found during the upgrade of an existing OpenShift Container Platform 3.x cluster. Using CRI-O, the dockergc service account is assigned to the current namespace of the user performing the u...

CWE-2662019

CVE-2021-47241

HIGH

CVSS:7.5(High)

In the Linux kernel, the following vulnerability has been resolved: ethtool: strset: fix message length calculation Outer nest for ETHTOOL_A_STRSET_STRINGSETS is not accounted for. This may result in ...

CWE-2662021

CVE-2022-3436

HIGH

CVSS:7.5(High)

A vulnerability classified as critical was found in SourceCodester Web-Based Student Clearance System 1.0. Affected by this vulnerability is an unknown functionality of the file edit-photo.php of the ...

CWE-2662022

CVE-2022-4280

HIGH

CVSS:7.5(High)

A vulnerability, which was classified as problematic, has been found in Dot Tech Smart Campus System. Affected by this issue is some unknown functionality of the file /services/Card/findUser. The mani...

CWE-2662022

CVE-2023-5077

HIGH

CVSS:7.5(High)

The Vault and Vault Enterprise ("Vault") Google Cloud secrets engine did not preserve existing Google Cloud IAM Conditions upon creating or updating rolesets. Fixed in Vault 1.13.0.

CWE-2662023

CVE-2024-40681

HIGH

CVSS:7.5(High)

IBM MQ 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD could allow an authenticated user in a specifically defined role, to bypass security restrictions and execute actions against the queue ma...

CWE-2662024