An improper privilege check in the OTRS ticket move action in the agent interface allows any as agent authenticated attacker to to perform a move of an ticket without the needed permission.
This issue affects OTRS: from 8.0.X before 8.0.35.

Related CVEs

CVE-2023-38058

Key Information

GHSA ID

GHSA-q58q-5fj7-r8px

Published

July 24, 2023 9:30 AM

Last Modified

April 4, 2024 6:19 AM

CVSS Score

5.0 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: July 6, 2025 6:30 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.