Vulnerability DatabaseCVE-2013-4088

CVE-2013-4088:
Linux Debian vulnerability analysis and mitigation

Overview

CVE-2013-4088 is a security vulnerability discovered in Open Ticket Request System (OTRS) affecting versions 3.0.x before 3.0.21, 3.1.x before 3.1.17, and 3.2.x before 3.2.8. The vulnerability was identified in the Kernel/Modules/AgentTicketWatcher.pm component, which failed to properly implement ticket access restrictions (NVD, CVE).

Technical details

The vulnerability has been assigned a CVSS v3.1 base score of 6.5 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. Under CVSS v2.0, it received a base score of 4.0 (Medium) with the vector (AV:N/AC:L/Au:S/C:P/I:N/A:N). The vulnerability is classified as CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor) (NVD).

Impact

The vulnerability allows remote attackers with a valid agent login to access restricted tickets that they should not have permission to view. This unauthorized access is achieved through manipulation of URLs involving the ticket split mechanism, potentially leading to exposure of sensitive information (NVD, Mageia Advisory).

Mitigation and workarounds

The vulnerability has been addressed through security updates, with fixed versions being released as 3.0.21, 3.1.17, and 3.2.8. Various Linux distributions have also released patches, including Debian (DSA-2712-1) and Mageia (Debian Security, Mageia Advisory).

Additional resources

Source: This report was generated using AI

Related Linux Debian vulnerabilities:

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2026-22776	HIGH	8.7	Linux Debian	cpp-httplib	No	No	Jan 12, 2026
CVE-2026-22801	MEDIUM	6.8	OpenJDK JDK	java-1.8.0-openjdk-accessibility-fastdebug	No	Yes	Jan 12, 2026
CVE-2026-22695	MEDIUM	6.1	OpenJDK JDK	java-1.8.0-openjdk-javadoc-zip	No	Yes	Jan 12, 2026
CVE-2026-22251	MEDIUM	5.3	Python	wlc	No	Yes	Jan 12, 2026
CVE-2026-0665	N/A	N/A	Linux Debian	qemu	No	No	Jan 13, 2026