Search criteria
403 vulnerabilities found for otrs by otrs
FKIE_CVE-2025-24387
Vulnerability from fkie_nvd - Published: 2025-03-10 10:15 - Updated: 2025-03-24 14:11
Severity ?
4.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Summary
A vulnerability in OTRS Application Server allows session hijacking due to missing attributes for sensitive
cookie settings in HTTPS sessions. A request to an OTRS endpoint from a possible malicious web site, would send the authentication cookie, performing an unwanted read operation.
This issue affects:
* OTRS 7.0.X
* OTRS 8.0.X
* OTRS 2023.X
* OTRS 2024.X
* OTRS 2025.x
References
| URL | Tags | ||
|---|---|---|---|
| security@otrs.com | https://otrs.com/release-notes/otrs-security-advisory-2025-05/ | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "94C7FB8D-6F6C-4C2C-8F52-EE231CDFB848",
"versionEndIncluding": "2025.1.2",
"versionStartIncluding": "7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in OTRS Application Server allows session hijacking due to missing attributes for sensitive \ncookie settings in HTTPS sessions. A request to an OTRS endpoint from a possible malicious web site, would send the authentication cookie, performing an unwanted read operation.\n\u00a0\n\nThis issue affects:\n\n * OTRS 7.0.X\n * OTRS 8.0.X\n * OTRS 2023.X\n * OTRS 2024.X\n * OTRS 2025.x"
},
{
"lang": "es",
"value": "Una vulnerabilidad en OTRS Application Server permite el secuestro de sesiones debido a la falta de atributos para configuraciones de cookies confidenciales en sesiones HTTPS. Una solicitud a un endpoint de OTRS desde un posible sitio web malicioso enviar\u00eda la cookie de autenticaci\u00f3n y realizar\u00eda una operaci\u00f3n de lectura no deseada. Este problema afecta a: * OTRS 7.0.X * OTRS 8.0.X * OTRS 2023.X * OTRS 2024.X * OTRS 2025.x"
}
],
"id": "CVE-2025-24387",
"lastModified": "2025-03-24T14:11:20.387",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "security@otrs.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-03-10T10:15:14.360",
"references": [
{
"source": "security@otrs.com",
"tags": [
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2025-05/"
}
],
"sourceIdentifier": "security@otrs.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-1275"
}
],
"source": "security@otrs.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2024-6540
Vulnerability from fkie_nvd - Published: 2024-07-15 08:15 - Updated: 2024-11-21 09:49
Severity ?
5.7 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Improper filtering of fields when using the export function in the ticket overview of the external interface in OTRS could allow an authorized user to download a list of tickets containing information about tickets of other customers. The problem only occurs if the TicketSearchLegacyEngine has been disabled by the administrator.
This issue affects OTRS: 8.0.X, 2023.X, from 2024.X through 2024.4.x
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9E122DB1-85DB-4430-A8C2-1B599364FD1F",
"versionEndExcluding": "2024.5.2",
"versionStartIncluding": "8.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper filtering of fields when using the export function in the ticket overview of the external interface in OTRS could allow an authorized user to download a list of tickets containing information about tickets of other customers. The problem only occurs if the TicketSearchLegacyEngine has been disabled by the administrator.\nThis issue affects OTRS: 8.0.X, 2023.X, from 2024.X through 2024.4.x\n\n"
},
{
"lang": "es",
"value": "Un filtrado inadecuado de los campos al utilizar la funci\u00f3n de exportaci\u00f3n en la descripci\u00f3n general de tickets de la interfaz externa en OTRS podr\u00eda permitir a un usuario autorizado descargar una lista de tickets que contiene informaci\u00f3n sobre tickets de otros clientes. El problema solo ocurre si el administrador ha desactivado TicketSearchLegacyEngine. Este problema afecta a OTRS: 8.0.X, 2023.X, desde 2024.X hasta 2024.4.x"
}
],
"id": "CVE-2024-6540",
"lastModified": "2024-11-21T09:49:50.857",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 3.6,
"source": "security@otrs.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-07-15T08:15:02.743",
"references": [
{
"source": "security@otrs.com",
"tags": [
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2024-07/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2024-07/"
}
],
"sourceIdentifier": "security@otrs.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-790"
}
],
"source": "security@otrs.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2024-23794
Vulnerability from fkie_nvd - Published: 2024-07-15 08:15 - Updated: 2024-11-21 08:58
Severity ?
5.2 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
An incorrect privilege assignment vulnerability in the inline editing functionality of OTRS can lead to privilege escalation. This flaw allows an agent with read-only permissions to gain full access to a ticket. This issue arises in very rare instances when an admin has previously enabled the setting 'RequiredLock' of 'AgentFrontend::Ticket::InlineEditing::Property###Watch' in the system configuration.This issue affects OTRS:
* 8.0.X
* 2023.X
* from 2024.X through 2024.4.x
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9E122DB1-85DB-4430-A8C2-1B599364FD1F",
"versionEndExcluding": "2024.5.2",
"versionStartIncluding": "8.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An incorrect privilege assignment vulnerability in the inline editing functionality of OTRS can lead to privilege escalation. This flaw allows an agent with read-only permissions to gain full access to a ticket. This issue arises in very rare instances when an admin has previously enabled the setting \u0027RequiredLock\u0027 of \u0027AgentFrontend::Ticket::InlineEditing::Property###Watch\u0027 in the system configuration.This issue affects OTRS:\u00a0\n\n * 8.0.X\n * 2023.X\n * from 2024.X through 2024.4.x\n\n"
},
{
"lang": "es",
"value": "Una vulnerabilidad de asignaci\u00f3n de privilegios incorrecta en la funcionalidad de edici\u00f3n en l\u00ednea de OTRS puede provocar una escalada de privilegios. Esta falla permite que un agente con permisos de solo lectura obtenga acceso completo a un ticket. Este problema surge en casos muy raros cuando un administrador ha habilitado previamente la configuraci\u00f3n \u0027RequiredLock\u0027 de \u0027AgentFrontend::Ticket::InlineEditing::Property###Watch\u0027 en la configuraci\u00f3n del sistema. Este problema afecta a OTRS: * 8.0.X * 2023.X * desde 2024.X hasta 2024.4.x"
}
],
"id": "CVE-2024-23794",
"lastModified": "2024-11-21T08:58:25.990",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 4.2,
"source": "security@otrs.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-07-15T08:15:02.470",
"references": [
{
"source": "security@otrs.com",
"tags": [
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2024-06/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2024-06/"
}
],
"sourceIdentifier": "security@otrs.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-266"
}
],
"source": "security@otrs.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2024-23790
Vulnerability from fkie_nvd - Published: 2024-01-29 10:15 - Updated: 2024-11-21 08:58
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Improper Input Validation vulnerability in the upload functionality for user avatars allows functionality misuse due to missing check of filetypes.
This issue affects OTRS: from 7.0.X through 7.0.48, from 8.0.X through 8.0.37, from 2023 through 2023.1.1.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4E47E75A-C9A9-40EE-A5DE-B4CDD98E7B7F",
"versionEndExcluding": "7.0.49",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3B9B2075-4C3E-48C9-96DA-655E4F29325A",
"versionEndExcluding": "2024.1.1",
"versionStartIncluding": "8.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Input Validation vulnerability in the upload functionality for user avatars allows functionality misuse due to missing check of filetypes.\nThis issue affects OTRS: from 7.0.X through 7.0.48, from 8.0.X through 8.0.37, from 2023 through 2023.1.1.\n\n"
},
{
"lang": "es",
"value": "Una vulnerabilidad de validaci\u00f3n de entrada incorrecta en la funcionalidad de carga de avatares de usuarios permite un mal uso de la funcionalidad debido a la falta de verificaci\u00f3n de los tipos de archivos. Este problema afecta a OTRS: desde 7.0.X hasta 7.0.48, desde 8.0.X hasta 8.0.37, desde 2023 hasta 2023.1.1."
}
],
"id": "CVE-2024-23790",
"lastModified": "2024-11-21T08:58:25.423",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4,
"source": "security@otrs.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-01-29T10:15:08.263",
"references": [
{
"source": "security@otrs.com",
"tags": [
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2024-01/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2024-01/"
}
],
"sourceIdentifier": "security@otrs.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "security@otrs.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-354"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2024-23792
Vulnerability from fkie_nvd - Published: 2024-01-29 10:15 - Updated: 2024-11-21 08:58
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Summary
When adding attachments to ticket comments,
another user can add attachments as well impersonating the orginal user. The attack requires a
logged-in other user to know the UUID. While the legitimate user
completes the comment, the malicious user can add more files to the
comment.
This issue affects OTRS: from 7.0.X through 7.0.48, from 8.0.X through 8.0.37, from 2023.X through 2023.1.1.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4E47E75A-C9A9-40EE-A5DE-B4CDD98E7B7F",
"versionEndExcluding": "7.0.49",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3B9B2075-4C3E-48C9-96DA-655E4F29325A",
"versionEndExcluding": "2024.1.1",
"versionStartIncluding": "8.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "When adding attachments to ticket comments, \nanother user can add attachments as well impersonating the orginal user. The attack requires a \nlogged-in other user to know the UUID. While the legitimate user \ncompletes the comment, the malicious user can add more files to the \ncomment.\n\nThis issue affects OTRS: from 7.0.X through 7.0.48, from 8.0.X through 8.0.37, from 2023.X through 2023.1.1.\n\n"
},
{
"lang": "es",
"value": "Al agregar archivos adjuntos a los comentarios del ticket, otro usuario puede agregar archivos adjuntos y hacerse pasar por el usuario original. El ataque requiere que otro usuario que haya iniciado sesi\u00f3n conozca el UUID. Mientras el usuario leg\u00edtimo completa el comentario, el usuario malintencionado puede agregar m\u00e1s archivos al comentario. Este problema afecta a OTRS: desde 7.0.X hasta 7.0.48, desde 8.0.X hasta 8.0.37, desde 2023.X hasta 2023.1.1."
}
],
"id": "CVE-2024-23792",
"lastModified": "2024-11-21T08:58:25.700",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6,
"source": "security@otrs.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-01-29T10:15:08.683",
"references": [
{
"source": "security@otrs.com",
"tags": [
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2024-03/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2024-03/"
}
],
"sourceIdentifier": "security@otrs.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "security@otrs.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2024-23791
Vulnerability from fkie_nvd - Published: 2024-01-29 10:15 - Updated: 2024-11-21 08:58
Severity ?
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Insertion of debug information into log file during building the elastic search index allows reading of sensitive information from articles.This issue affects OTRS: from 7.0.X through 7.0.48, from 8.0.X through 8.0.37, from 2023.X through 2023.1.1.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4E47E75A-C9A9-40EE-A5DE-B4CDD98E7B7F",
"versionEndExcluding": "7.0.49",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3B9B2075-4C3E-48C9-96DA-655E4F29325A",
"versionEndExcluding": "2024.1.1",
"versionStartIncluding": "8.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Insertion of debug information into log file during building the elastic search index allows reading of sensitive information from articles.This issue affects OTRS: from 7.0.X through 7.0.48, from 8.0.X through 8.0.37, from 2023.X through 2023.1.1.\n\n"
},
{
"lang": "es",
"value": "La inserci\u00f3n de informaci\u00f3n de depuraci\u00f3n en el archivo de registro durante la creaci\u00f3n del \u00edndice de b\u00fasqueda el\u00e1stico permite leer informaci\u00f3n confidencial de los art\u00edculos. Este problema afecta a OTRS: de 7.0.X a 7.0.48, de 8.0.X a 8.0.37, de 2023.X a 2023.1 .1."
}
],
"id": "CVE-2024-23791",
"lastModified": "2024-11-21T08:58:25.570",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "security@otrs.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-01-29T10:15:08.483",
"references": [
{
"source": "security@otrs.com",
"tags": [
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2024-02/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2024-02/"
}
],
"sourceIdentifier": "security@otrs.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-532"
}
],
"source": "security@otrs.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-532"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-6254
Vulnerability from fkie_nvd - Published: 2023-11-27 10:15 - Updated: 2024-11-21 08:43
Severity ?
8.1 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
A Vulnerability in OTRS AgentInterface and ExternalInterface allows the reading of plain text passwords which are send back to the client in the server response-
This issue affects OTRS: from 8.0.X through 8.0.37.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9F18FE4E-E69A-4741-B549-E5739BA3B6E7",
"versionEndIncluding": "8.0.37",
"versionStartIncluding": "8.0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Vulnerability in OTRS AgentInterface and ExternalInterface allows the reading of plain text passwords which are send back to the client in the server response-\nThis issue affects OTRS: from 8.0.X through 8.0.37.\n\n"
},
{
"lang": "es",
"value": "Una vulnerabilidad en OTRS AgentInterface y ExternalInterface permite la lectura de contrase\u00f1as de texto plano que se env\u00edan al cliente en la respuesta del servidor. Este problema afecta a OTRS: desde 8.0.X hasta 8.0.37."
}
],
"id": "CVE-2023-6254",
"lastModified": "2024-11-21T08:43:28.390",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"source": "security@otrs.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-27T10:15:08.863",
"references": [
{
"source": "security@otrs.com",
"tags": [
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2023-11/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2023-11/"
}
],
"sourceIdentifier": "security@otrs.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-522"
}
],
"source": "security@otrs.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-522"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-5422
Vulnerability from fkie_nvd - Published: 2023-10-16 09:15 - Updated: 2024-11-21 08:41
Severity ?
8.7 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Summary
The functions to fetch e-mail via POP3 or IMAP as well as sending e-mail via SMTP use OpenSSL for static SSL or TLS based communication. As the
SSL_get_verify_result() function is not used the certificated is trusted always and it can not be ensured that the certificate
satisfies all necessary security requirements.
This could allow an
attacker to use an invalid certificate to claim to be a trusted host,
use expired certificates, or conduct other attacks that could be
detected if the certificate is properly validated.
This issue affects OTRS: from 7.0.X before 7.0.47, from 8.0.X before 8.0.37; ((OTRS)) Community Edition: from 6.0.X through 6.0.34.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:community:*:*:*",
"matchCriteriaId": "F933EBB8-2E51-4E24-BB9E-64FBE0FCBFDB",
"versionEndIncluding": "6.0.34",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B1C07539-E637-4A14-97EE-9FE4CB60644F",
"versionEndExcluding": "7.0.47",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "400DD972-B06D-44C6-BD88-737BA162B3E1",
"versionEndExcluding": "8.0.37",
"versionStartIncluding": "8.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The functions to fetch e-mail via POP3 or IMAP as well as sending e-mail via SMTP use OpenSSL for static SSL or TLS based communication. As the \nSSL_get_verify_result() function is not used the certificated is trusted always and it can not be ensured that the certificate \nsatisfies all necessary security requirements.\n\nThis could allow an \nattacker to use an invalid certificate to claim to be a trusted host, \nuse expired certificates, or conduct other attacks that could be \ndetected if the certificate is properly validated.\n\nThis issue affects OTRS: from 7.0.X before 7.0.47, from 8.0.X before 8.0.37; ((OTRS)) Community Edition: from 6.0.X through 6.0.34.\n\n"
},
{
"lang": "es",
"value": "Las funciones para recuperar correos electr\u00f3nicos a trav\u00e9s de POP3 o IMAP, as\u00ed como enviar correos electr\u00f3nicos a trav\u00e9s de SMTP, utilizan OpenSSL para comunicaciones basadas en SSL o TLS est\u00e1ticas. Como no se utiliza la funci\u00f3n SSL_get_verify_result(), el certificado siempre es confiable y no se puede garantizar que el certificado cumpla con todos los requisitos de seguridad necesarios. Esto podr\u00eda permitir a un atacante utilizar un certificado no v\u00e1lido para afirmar que es un host confiable, utilizar certificados caducados o realizar otros ataques que podr\u00edan detectarse si el certificado se valida correctamente. Este problema afecta a OTRS: desde 7.0.X anterior a 7.0.47, desde 8.0.X anterior a 8.0.37; ((OTRS)) Community Edition: desde 6.0.X hasta 6.0.34."
}
],
"id": "CVE-2023-5422",
"lastModified": "2024-11-21T08:41:44.360",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.8,
"source": "security@otrs.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-16T09:15:12.013",
"references": [
{
"source": "security@otrs.com",
"tags": [
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2023-10/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2023-10/"
}
],
"sourceIdentifier": "security@otrs.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-295"
}
],
"source": "security@otrs.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-295"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-5421
Vulnerability from fkie_nvd - Published: 2023-10-16 09:15 - Updated: 2024-11-21 08:41
Severity ?
3.5 (Low) - CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
5.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
5.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
Summary
An attacker who is logged into OTRS as an user with privileges to create and change customer user data may manipulate the CustomerID field to execute JavaScript code that runs
immediatly after the data is saved.The issue onlyoccurs if the configuration for AdminCustomerUser::UseAutoComplete was changed before.
This issue affects OTRS: from 7.0.X before 7.0.47, from 8.0.X before 8.0.37; ((OTRS)) Community Edition: from 6.0.X through 6.0.34.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:community:*:*:*",
"matchCriteriaId": "F933EBB8-2E51-4E24-BB9E-64FBE0FCBFDB",
"versionEndIncluding": "6.0.34",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B1C07539-E637-4A14-97EE-9FE4CB60644F",
"versionEndExcluding": "7.0.47",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "400DD972-B06D-44C6-BD88-737BA162B3E1",
"versionEndExcluding": "8.0.37",
"versionStartIncluding": "8.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An attacker who is logged into OTRS as an user with privileges to create and change customer user data may manipulate the CustomerID field to execute JavaScript code that runs \nimmediatly after the data is saved.The issue onlyoccurs if the configuration for AdminCustomerUser::UseAutoComplete was changed before.\nThis issue affects OTRS: from 7.0.X before 7.0.47, from 8.0.X before 8.0.37; ((OTRS)) Community Edition: from 6.0.X through 6.0.34.\n\n"
},
{
"lang": "es",
"value": "Un atacante que haya iniciado sesi\u00f3n en OTRS como usuario con privilegios para crear y cambiar datos de usuario del cliente puede manipular el campo CustomerID para ejecutar c\u00f3digo JavaScript que se ejecuta inmediatamente despu\u00e9s de guardar los datos. El problema solo ocurre si se cambi\u00f3 la configuraci\u00f3n de AdminCustomerUser::UseAutoComplete antes. Este problema afecta a OTRS: desde 7.0.X anterior a 7.0.47, desde 8.0.X anterior a 8.0.37; ((OTRS)) Community Edition: desde 6.0.X hasta 6.0.34."
}
],
"id": "CVE-2023-5421",
"lastModified": "2024-11-21T08:41:44.230",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 2.5,
"source": "security@otrs.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-16T09:15:11.940",
"references": [
{
"source": "security@otrs.com",
"tags": [
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2023-09/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2023-09/"
}
],
"sourceIdentifier": "security@otrs.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "security@otrs.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-38059
Vulnerability from fkie_nvd - Published: 2023-10-16 09:15 - Updated: 2024-11-21 08:12
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
The loading of external images is not blocked, even if configured, if the attacker uses protocol-relative URL in the payload. This can be used to retreive the IP of the user.This issue affects OTRS: from 7.0.X before 7.0.47, from 8.0.X before 8.0.37; ((OTRS)) Community Edition: from 6.0.X through 6.0.34.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:community:*:*:*",
"matchCriteriaId": "F933EBB8-2E51-4E24-BB9E-64FBE0FCBFDB",
"versionEndIncluding": "6.0.34",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B1C07539-E637-4A14-97EE-9FE4CB60644F",
"versionEndExcluding": "7.0.47",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "400DD972-B06D-44C6-BD88-737BA162B3E1",
"versionEndExcluding": "8.0.37",
"versionStartIncluding": "8.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The loading of external images is not blocked, even if configured, if the attacker uses protocol-relative URL in the payload. This can be used to retreive the IP of the user.This issue affects OTRS: from 7.0.X before 7.0.47, from 8.0.X before 8.0.37; ((OTRS)) Community Edition: from 6.0.X through 6.0.34.\n\n"
},
{
"lang": "es",
"value": "La carga de im\u00e1genes externas no se bloquea, incluso si est\u00e1 configurada, si el atacante utiliza una URL relativa al protocolo en el payload. Esto se puede utilizar para recuperar la IP del usuario. Este problema afecta a OTRS: desde 7.0.X anterior a 7.0.47, desde 8.0.X anterior a 8.0.37; ((OTRS)) Community Edition: desde la versi\u00f3n 6.0.X hasta la 6.0.34."
}
],
"id": "CVE-2023-38059",
"lastModified": "2024-11-21T08:12:46.270",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "security@otrs.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-16T09:15:10.243",
"references": [
{
"source": "security@otrs.com",
"tags": [
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2023-08/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2023-08/"
}
],
"sourceIdentifier": "security@otrs.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "security@otrs.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2025-24387 (GCVE-0-2025-24387)
Vulnerability from cvelistv5 – Published: 2025-03-10 09:28 – Updated: 2025-03-10 13:12
VLAI?
Summary
A vulnerability in OTRS Application Server allows session hijacking due to missing attributes for sensitive
cookie settings in HTTPS sessions. A request to an OTRS endpoint from a possible malicious web site, would send the authentication cookie, performing an unwanted read operation.
This issue affects:
* OTRS 7.0.X
* OTRS 8.0.X
* OTRS 2023.X
* OTRS 2024.X
* OTRS 2025.x
Severity ?
4.8 (Medium)
CWE
- CWE-1275 - Sensitive Cookie with Improper SameSite Attribute
Assigner
References
Impacted products
Credits
Special thanks to Alissa Kim for reporting this vulnerability.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-24387",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-10T13:12:24.747437Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-10T13:12:40.237Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"modules": [
"Application Server"
],
"product": "OTRS",
"vendor": "OTRS AG",
"versions": [
{
"status": "affected",
"version": "7.0.x"
},
{
"status": "affected",
"version": "8.0.x"
},
{
"status": "affected",
"version": "2023.x"
},
{
"status": "affected",
"version": "2024.x"
},
{
"lessThanOrEqual": "2025.1.2",
"status": "affected",
"version": "2025.x",
"versionType": "Patch"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Special thanks to Alissa Kim for reporting this vulnerability."
}
],
"datePublic": "2025-03-10T08:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA vulnerability in OTRS Application Server allows session hijacking due to missing attributes for sensitive \ncookie settings in HTTPS sessions. A request to an OTRS endpoint from a possible malicious web site, would send the authentication cookie, performing an unwanted read operation.\u003cbr\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003eThis issue affects:\u003c/p\u003e\u003cul\u003e\u003cli\u003eOTRS 7.0.X\u003c/li\u003e\u003cli\u003eOTRS 8.0.X\u003c/li\u003e\u003cli\u003eOTRS 2023.X\u003c/li\u003e\u003cli\u003eOTRS 2024.X\u003c/li\u003e\u003cli\u003eOTRS 2025.x \u003cbr\u003e\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e"
}
],
"value": "A vulnerability in OTRS Application Server allows session hijacking due to missing attributes for sensitive \ncookie settings in HTTPS sessions. A request to an OTRS endpoint from a possible malicious web site, would send the authentication cookie, performing an unwanted read operation.\n\u00a0\n\nThis issue affects:\n\n * OTRS 7.0.X\n * OTRS 8.0.X\n * OTRS 2023.X\n * OTRS 2024.X\n * OTRS 2025.x"
}
],
"impacts": [
{
"capecId": "CAPEC-593",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-593 Session Hijacking"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1275",
"description": "CWE-1275: Sensitive Cookie with Improper SameSite Attribute",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-10T09:28:31.053Z",
"orgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"shortName": "OTRS"
},
"references": [
{
"url": "https://otrs.com/release-notes/otrs-security-advisory-2025-05/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to OTRS 2025.2.x. Please note that there will be no OTRS 7 patches\u003cbr\u003e"
}
],
"value": "Update to OTRS 2025.2.x. Please note that there will be no OTRS 7 patches"
}
],
"source": {
"advisory": "OSA-2025-05",
"defect": [
"Issue#3080",
"Ticket#2024110542002023"
],
"discovery": "EXTERNAL"
},
"title": "Missing CSRF protection",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"assignerShortName": "OTRS",
"cveId": "CVE-2025-24387",
"datePublished": "2025-03-10T09:28:31.053Z",
"dateReserved": "2025-01-21T09:09:58.720Z",
"dateUpdated": "2025-03-10T13:12:40.237Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-23794 (GCVE-0-2024-23794)
Vulnerability from cvelistv5 – Published: 2024-07-15 07:14 – Updated: 2024-08-01 23:13
VLAI?
Summary
An incorrect privilege assignment vulnerability in the inline editing functionality of OTRS can lead to privilege escalation. This flaw allows an agent with read-only permissions to gain full access to a ticket. This issue arises in very rare instances when an admin has previously enabled the setting 'RequiredLock' of 'AgentFrontend::Ticket::InlineEditing::Property###Watch' in the system configuration.This issue affects OTRS:
* 8.0.X
* 2023.X
* from 2024.X through 2024.4.x
Severity ?
5.2 (Medium)
CWE
- CWE-266 - Incorrect Privilege Assignment
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-23794",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-16T14:46:31.889829Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-17T14:27:36.468Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:13:07.432Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2024-06/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"inline editing"
],
"product": "OTRS",
"vendor": "OTRS AG",
"versions": [
{
"status": "affected",
"version": "8.0.x"
},
{
"status": "affected",
"version": "2023.x"
},
{
"lessThanOrEqual": "2024.4.x",
"status": "affected",
"version": "2024.x",
"versionType": "Patch"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The sub setting RequiredLock of AgentFrontend::Ticket::InlineEditing::Property###Watch has to be activated by an administrator first and Ticket::Permission###1-OwnerCheck is enabled (default)\u003cbr\u003e\u003ch2\u003e\u003cbr\u003e\u003c/h2\u003e\u003cbr\u003e"
}
],
"value": "The sub setting RequiredLock of AgentFrontend::Ticket::InlineEditing::Property###Watch has to be activated by an administrator first and Ticket::Permission###1-OwnerCheck is enabled (default)\n\n"
}
],
"datePublic": "2024-07-15T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An incorrect privilege assignment vulnerability in the inline editing functionality of OTRS can lead to privilege escalation. This flaw allows an agent with read-only permissions to gain full access to a ticket. This issue arises in very rare instances when an admin has previously enabled the setting \u0027RequiredLock\u0027 of \u0027AgentFrontend::Ticket::InlineEditing::Property###Watch\u0027 in the system configuration.\u003cp\u003eThis issue affects OTRS:\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003e8.0.X\u003c/li\u003e\u003cli\u003e2023.X\u003c/li\u003e\u003cli\u003efrom 2024.X through 2024.4.x\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "An incorrect privilege assignment vulnerability in the inline editing functionality of OTRS can lead to privilege escalation. This flaw allows an agent with read-only permissions to gain full access to a ticket. This issue arises in very rare instances when an admin has previously enabled the setting \u0027RequiredLock\u0027 of \u0027AgentFrontend::Ticket::InlineEditing::Property###Watch\u0027 in the system configuration.This issue affects OTRS:\u00a0\n\n * 8.0.X\n * 2023.X\n * from 2024.X through 2024.4.x\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "CWE-266 Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-15T10:41:01.694Z",
"orgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"shortName": "OTRS"
},
"references": [
{
"url": "https://otrs.com/release-notes/otrs-security-advisory-2024-06/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to OTRS 2024.5.2\u003cbr\u003e"
}
],
"value": "Update to OTRS 2024.5.2\n"
}
],
"source": {
"advisory": "OSA-2024-06",
"defect": [
"Issue#2409",
"Ticket#2024042342000433"
],
"discovery": "USER"
},
"title": "Agents are able to lock the ticket without the \"Owner\" permission",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "deactivate RequiredLock of AgentFrontend::Ticket::InlineEditing::Property###Watch or disable Ticket::Permission###1-OwnerCheck\u003cbr\u003e"
}
],
"value": "deactivate RequiredLock of AgentFrontend::Ticket::InlineEditing::Property###Watch or disable Ticket::Permission###1-OwnerCheck\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"assignerShortName": "OTRS",
"cveId": "CVE-2024-23794",
"datePublished": "2024-07-15T07:14:09.557Z",
"dateReserved": "2024-01-22T10:32:00.705Z",
"dateUpdated": "2024-08-01T23:13:07.432Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6540 (GCVE-0-2024-6540)
Vulnerability from cvelistv5 – Published: 2024-07-15 07:13 – Updated: 2024-08-01 21:41
VLAI?
Summary
Improper filtering of fields when using the export function in the ticket overview of the external interface in OTRS could allow an authorized user to download a list of tickets containing information about tickets of other customers. The problem only occurs if the TicketSearchLegacyEngine has been disabled by the administrator.
This issue affects OTRS: 8.0.X, 2023.X, from 2024.X through 2024.4.x
Severity ?
5.7 (Medium)
CWE
- CWE-790 - Improper Filtering of Special Elements
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6540",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-15T13:10:12.804749Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-15T13:10:28.205Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:41:03.955Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2024-07/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"External interface"
],
"product": "OTRS",
"vendor": "OTRS AG",
"versions": [
{
"status": "affected",
"version": "8.0.x"
},
{
"status": "affected",
"version": "2023.x"
},
{
"lessThanOrEqual": "2024.4.x",
"status": "affected",
"version": "2024.x",
"versionType": "Patch"
}
]
}
],
"datePublic": "2024-07-15T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper filtering of fields when using the export function in the ticket overview of the external interface in OTRS could allow an authorized user to download a list of tickets containing information about tickets of other customers. The problem only occurs if the TicketSearchLegacyEngine has been disabled by the administrator.\u003cbr\u003e\u003cp\u003eThis issue affects OTRS: 8.0.X, 2023.X, from 2024.X through 2024.4.x\u003c/p\u003e"
}
],
"value": "Improper filtering of fields when using the export function in the ticket overview of the external interface in OTRS could allow an authorized user to download a list of tickets containing information about tickets of other customers. The problem only occurs if the TicketSearchLegacyEngine has been disabled by the administrator.\nThis issue affects OTRS: 8.0.X, 2023.X, from 2024.X through 2024.4.x\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-54",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-54 Query System for Information"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-790",
"description": "CWE-790 Improper Filtering of Special Elements",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-15T10:41:47.335Z",
"orgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"shortName": "OTRS"
},
"references": [
{
"url": "https://otrs.com/release-notes/otrs-security-advisory-2024-07/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to OTRS 2024.5.2\u003cbr\u003e"
}
],
"value": "Update to OTRS 2024.5.2\n"
}
],
"source": {
"advisory": "OSA-2024-07",
"defect": [
"Issue##2638",
"Ticket#2024070142001245"
],
"discovery": "USER"
},
"title": "Information exlosure in external interface",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Have TicketSearchLegacyEngine enabled\u003cbr\u003e"
}
],
"value": "Have TicketSearchLegacyEngine enabled\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"assignerShortName": "OTRS",
"cveId": "CVE-2024-6540",
"datePublished": "2024-07-15T07:13:49.918Z",
"dateReserved": "2024-07-08T07:35:49.064Z",
"dateUpdated": "2024-08-01T21:41:03.955Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-23790 (GCVE-0-2024-23790)
Vulnerability from cvelistv5 – Published: 2024-01-29 09:21 – Updated: 2025-06-17 21:29
VLAI?
Summary
Improper Input Validation vulnerability in the upload functionality for user avatars allows functionality misuse due to missing check of filetypes.
This issue affects OTRS: from 7.0.X through 7.0.48, from 8.0.X through 8.0.37, from 2023 through 2023.1.1.
Severity ?
CWE
- CWE-20 - Improper Input Validation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
Credits
Special thanks to Matthias Püschel for reporting these vulnerability.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:13:07.512Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2024-01/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-23790",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-29T13:20:27.471691Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T21:29:17.700Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"Agent Interface",
"External Interface"
],
"product": "OTRS",
"vendor": "OTRS AG",
"versions": [
{
"lessThanOrEqual": "8.0.37",
"status": "affected",
"version": "8.0.x",
"versionType": "Patch"
},
{
"lessThanOrEqual": "2023.1.1",
"status": "affected",
"version": "2023",
"versionType": "Patch"
},
{
"lessThanOrEqual": "7.0.48",
"status": "affected",
"version": "7.0.x",
"versionType": "Patch"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Special thanks to Matthias P\u00fcschel for reporting these vulnerability."
}
],
"datePublic": "2024-01-29T08:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Input Validation vulnerability in the upload functionality for user avatars allows functionality misuse due to missing check of filetypes.\u003cbr\u003e\u003cp\u003eThis issue affects OTRS: from 7.0.X through 7.0.48, from 8.0.X through 8.0.37, from 2023 through 2023.1.1.\u003c/p\u003e"
}
],
"value": "Improper Input Validation vulnerability in the upload functionality for user avatars allows functionality misuse due to missing check of filetypes.\nThis issue affects OTRS: from 7.0.X through 7.0.48, from 8.0.X through 8.0.37, from 2023 through 2023.1.1.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-212",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-212 Functionality Misuse"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-29T09:21:14.996Z",
"orgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"shortName": "OTRS"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2024-01/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eUpdate to OTRS Patch 2024.1.1\u003c/div\u003e\u003cdiv\u003eUpdate to OTRS 7.0.49 (Long Term Support Users)\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cbr\u003e"
}
],
"value": "Update to OTRS Patch 2024.1.1\n\nUpdate to OTRS 7.0.49 (Long Term Support Users)\n\n"
}
],
"source": {
"advisory": "OSA-2024-01",
"defect": [
"Ticket#2023083042000825",
"Issue#1306"
],
"discovery": "EXTERNAL"
},
"title": "Missing file type check in avatar picture upload",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"assignerShortName": "OTRS",
"cveId": "CVE-2024-23790",
"datePublished": "2024-01-29T09:21:14.996Z",
"dateReserved": "2024-01-22T10:32:00.704Z",
"dateUpdated": "2025-06-17T21:29:17.700Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-23791 (GCVE-0-2024-23791)
Vulnerability from cvelistv5 – Published: 2024-01-29 09:21 – Updated: 2025-05-29 15:10
VLAI?
Summary
Insertion of debug information into log file during building the elastic search index allows reading of sensitive information from articles.This issue affects OTRS: from 7.0.X through 7.0.48, from 8.0.X through 8.0.37, from 2023.X through 2023.1.1.
Severity ?
4.9 (Medium)
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:13:07.364Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2024-02/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-23791",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T15:50:47.563428Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-29T15:10:14.868Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"Log Backend"
],
"product": "OTRS",
"vendor": "OTRS AG",
"versions": [
{
"lessThanOrEqual": "7.0.48",
"status": "affected",
"version": "7.0.x",
"versionType": "Patch"
},
{
"lessThanOrEqual": "8.0.37",
"status": "affected",
"version": "8.0.x",
"versionType": "Patch"
},
{
"lessThanOrEqual": "2023.1.1",
"status": "affected",
"version": "2023.x",
"versionType": "Patch"
}
]
}
],
"datePublic": "2024-01-29T08:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Insertion of debug information into log file during building the elastic search index allows reading of sensitive information from articles.\u003cp\u003eThis issue affects OTRS: from 7.0.X through 7.0.48, from 8.0.X through 8.0.37, from 2023.X through 2023.1.1.\u003c/p\u003e"
}
],
"value": "Insertion of debug information into log file during building the elastic search index allows reading of sensitive information from articles.This issue affects OTRS: from 7.0.X through 7.0.48, from 8.0.X through 8.0.37, from 2023.X through 2023.1.1.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-545",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-545 Pull Data from System Resources"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532 Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-29T09:21:00.278Z",
"orgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"shortName": "OTRS"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2024-02/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eUpdate to OTRS Patch 2024.1.1\u003c/div\u003e\u003cdiv\u003eUpdate to OTRS 7.0.49 (Long Term Support Users)\u003c/div\u003e\u003cbr\u003e"
}
],
"value": "Update to OTRS Patch 2024.1.1\n\nUpdate to OTRS 7.0.49 (Long Term Support Users)\n\n"
}
],
"source": {
"advisory": "OSA-2024-02",
"defect": [
"Issue#1224",
"Ticket#2021091742001128"
],
"discovery": "USER"
},
"title": "Unnecessary data is written to log if issues during indexing occurs",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"assignerShortName": "OTRS",
"cveId": "CVE-2024-23791",
"datePublished": "2024-01-29T09:21:00.278Z",
"dateReserved": "2024-01-22T10:32:00.704Z",
"dateUpdated": "2025-05-29T15:10:14.868Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-23792 (GCVE-0-2024-23792)
Vulnerability from cvelistv5 – Published: 2024-01-29 09:20 – Updated: 2024-11-12 21:47
VLAI?
Summary
When adding attachments to ticket comments,
another user can add attachments as well impersonating the orginal user. The attack requires a
logged-in other user to know the UUID. While the legitimate user
completes the comment, the malicious user can add more files to the
comment.
This issue affects OTRS: from 7.0.X through 7.0.48, from 8.0.X through 8.0.37, from 2023.X through 2023.1.1.
Severity ?
5.3 (Medium)
CWE
- CWE-287 - Improper Authentication
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
Credits
Special thanks to Matthias Püschel for reporting these vulnerability.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:13:07.447Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2024-03/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-23792",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-12T21:46:29.598781Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-12T21:47:04.433Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"internal API"
],
"product": "OTRS",
"vendor": "OTRS AG",
"versions": [
{
"lessThanOrEqual": "7.0.48",
"status": "affected",
"version": "7.0.x",
"versionType": "Patch"
},
{
"lessThanOrEqual": "8.0.37",
"status": "affected",
"version": "8.0.x",
"versionType": "Patch"
},
{
"lessThanOrEqual": "2023.1.1",
"status": "affected",
"version": "2023.x",
"versionType": "Patch"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Special thanks to Matthias P\u00fcschel for reporting these vulnerability."
}
],
"datePublic": "2024-01-29T08:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eWhen adding attachments to ticket comments, \nanother user can add attachments as well impersonating the orginal user. The attack requires a \nlogged-in other user to know the UUID. While the legitimate user \ncompletes the comment, the malicious user can add more files to the \ncomment.\u003c/p\u003e\u003cp\u003eThis issue affects OTRS: from 7.0.X through 7.0.48, from 8.0.X through 8.0.37, from 2023.X through 2023.1.1.\u003c/p\u003e"
}
],
"value": "When adding attachments to ticket comments, \nanother user can add attachments as well impersonating the orginal user. The attack requires a \nlogged-in other user to know the UUID. While the legitimate user \ncompletes the comment, the malicious user can add more files to the \ncomment.\n\nThis issue affects OTRS: from 7.0.X through 7.0.48, from 8.0.X through 8.0.37, from 2023.X through 2023.1.1.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-194",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-194 Fake the Source of Data"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-29T09:20:40.920Z",
"orgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"shortName": "OTRS"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2024-03/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eUpdate to OTRS Patch 2024.1.1\u003c/div\u003e\u003cdiv\u003eUpdate to OTRS 7.0.49 (Long Term Support Users)\u003c/div\u003e"
}
],
"value": "Update to OTRS Patch 2024.1.1\n\nUpdate to OTRS 7.0.49 (Long Term Support Users)\n\n"
}
],
"source": {
"advisory": "OSA-2024-03",
"defect": [
"Issue#1392",
"Ticket#2023083042000825"
],
"discovery": "EXTERNAL"
},
"title": "Insufficient access control",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"assignerShortName": "OTRS",
"cveId": "CVE-2024-23792",
"datePublished": "2024-01-29T09:20:06.829Z",
"dateReserved": "2024-01-22T10:32:00.704Z",
"dateUpdated": "2024-11-12T21:47:04.433Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-6254 (GCVE-0-2023-6254)
Vulnerability from cvelistv5 – Published: 2023-11-27 09:44 – Updated: 2024-10-15 17:45
VLAI?
Summary
A Vulnerability in OTRS AgentInterface and ExternalInterface allows the reading of plain text passwords which are send back to the client in the server response-
This issue affects OTRS: from 8.0.X through 8.0.37.
Severity ?
8.1 (High)
CWE
- CWE-522 - Insufficiently Protected Credentials
Assigner
References
Credits
Special thanks to Matthias Püschel for reporting these vulnerability.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:28:20.391Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2023-11/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-6254",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-15T17:15:14.848049Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T17:45:11.912Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"AgentInterface",
"ExternalInterface"
],
"product": "OTRS",
"vendor": "OTRS AG",
"versions": [
{
"lessThanOrEqual": "8.0.37",
"status": "affected",
"version": "8.0.x",
"versionType": "Patch"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Special thanks to Matthias P\u00fcschel for reporting these vulnerability."
}
],
"datePublic": "2023-11-27T08:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A Vulnerability in OTRS AgentInterface and ExternalInterface allows the reading of plain text passwords which are send back to the client in the server response-\u003cbr\u003e\u003cp\u003eThis issue affects OTRS: from 8.0.X through 8.0.37.\u003c/p\u003e"
}
],
"value": "A Vulnerability in OTRS AgentInterface and ExternalInterface allows the reading of plain text passwords which are send back to the client in the server response-\nThis issue affects OTRS: from 8.0.X through 8.0.37.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-555",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-555 Remote Services with Stolen Credentials"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522 Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-27T09:44:00.273Z",
"orgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"shortName": "OTRS"
},
"references": [
{
"url": "https://otrs.com/release-notes/otrs-security-advisory-2023-11/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to OTRS Patch 2023.1.1\u003cbr\u003e"
}
],
"value": "Update to OTRS Patch 2023.1.1\n"
}
],
"source": {
"advisory": "OSA-2023-11",
"defect": [
"Issue#1390",
"Ticket#2023083042000825"
],
"discovery": "USER"
},
"title": "Password is send back to client",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"assignerShortName": "OTRS",
"cveId": "CVE-2023-6254",
"datePublished": "2023-11-27T09:44:00.273Z",
"dateReserved": "2023-11-22T12:14:39.322Z",
"dateUpdated": "2024-10-15T17:45:11.912Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5421 (GCVE-0-2023-5421)
Vulnerability from cvelistv5 – Published: 2023-10-16 08:10 – Updated: 2024-09-16 16:55
VLAI?
Summary
An attacker who is logged into OTRS as an user with privileges to create and change customer user data may manipulate the CustomerID field to execute JavaScript code that runs
immediatly after the data is saved.The issue onlyoccurs if the configuration for AdminCustomerUser::UseAutoComplete was changed before.
This issue affects OTRS: from 7.0.X before 7.0.47, from 8.0.X before 8.0.37; ((OTRS)) Community Edition: from 6.0.X through 6.0.34.
Severity ?
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| OTRS AG | OTRS |
Affected:
7.0.x , < 7.0.47
(Patch)
Affected: 8.0.x , < 8.0.37 (Patch) |
|||||||
|
|||||||||
Credits
Special thanks to Tim Püttmanns for reporting these vulnerability.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:59:44.593Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2023-09/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5421",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-16T16:53:50.683230Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T16:55:01.099Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"modules": [
"Agent Interface"
],
"product": "OTRS",
"vendor": "OTRS AG",
"versions": [
{
"lessThan": "7.0.47",
"status": "affected",
"version": "7.0.x",
"versionType": "Patch"
},
{
"lessThan": "8.0.37",
"status": "affected",
"version": "8.0.x",
"versionType": "Patch"
}
]
},
{
"defaultStatus": "affected",
"modules": [
"Agent Interface"
],
"product": "((OTRS)) Community Edition",
"vendor": "OTRS AG",
"versions": [
{
"lessThanOrEqual": "6.0.34",
"status": "affected",
"version": "6.0.x",
"versionType": "All"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Special thanks to Tim P\u00fcttmanns for reporting these vulnerability."
}
],
"datePublic": "2023-10-16T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An attacker who is logged into OTRS as an user with privileges to create and change customer user data may manipulate the CustomerID field to execute JavaScript code that runs \nimmediatly after the data is saved.The issue onlyoccurs if the configuration for AdminCustomerUser::UseAutoComplete was changed before.\u003cbr\u003e\u003cp\u003eThis issue affects OTRS: from 7.0.X before 7.0.47, from 8.0.X before 8.0.37; ((OTRS)) Community Edition: from 6.0.X through 6.0.34.\u003c/p\u003e"
}
],
"value": "An attacker who is logged into OTRS as an user with privileges to create and change customer user data may manipulate the CustomerID field to execute JavaScript code that runs \nimmediatly after the data is saved.The issue onlyoccurs if the configuration for AdminCustomerUser::UseAutoComplete was changed before.\nThis issue affects OTRS: from 7.0.X before 7.0.47, from 8.0.X before 8.0.37; ((OTRS)) Community Edition: from 6.0.X through 6.0.34.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-63",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-63 Cross-Site Scripting (XSS)"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-16T08:10:55.114Z",
"orgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"shortName": "OTRS"
},
"references": [
{
"url": "https://otrs.com/release-notes/otrs-security-advisory-2023-09/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\nUpdate to OTRS 7.0.47 or OTRS 8.0.37.\n\u003cbr\u003e"
}
],
"value": "Update to OTRS 7.0.47 or OTRS 8.0.37.\n\n"
}
],
"source": {
"advisory": "OSA-2023-09",
"defect": [
"Issue#1214",
"Ticket#2023080742002233"
],
"discovery": "EXTERNAL"
},
"title": " Possible XSS execution in customer information ",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Switch AdminCustomerUser::UseAutoComplete off\u003cbr\u003e"
}
],
"value": "Switch AdminCustomerUser::UseAutoComplete off\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"assignerShortName": "OTRS",
"cveId": "CVE-2023-5421",
"datePublished": "2023-10-16T08:10:55.114Z",
"dateReserved": "2023-10-05T08:12:09.849Z",
"dateUpdated": "2024-09-16T16:55:01.099Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-38059 (GCVE-0-2023-38059)
Vulnerability from cvelistv5 – Published: 2023-10-16 08:10 – Updated: 2024-09-16 16:56
VLAI?
Summary
The loading of external images is not blocked, even if configured, if the attacker uses protocol-relative URL in the payload. This can be used to retreive the IP of the user.This issue affects OTRS: from 7.0.X before 7.0.47, from 8.0.X before 8.0.37; ((OTRS)) Community Edition: from 6.0.X through 6.0.34.
Severity ?
5.3 (Medium)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| OTRS AG | OTRS |
Affected:
7.0.x , < 7.0.47
(Patch)
Affected: 8.0.x , < 8.0.37 (Patch) |
|||||||
|
|||||||||
Credits
Special thanks to Tim Püttmanns for reporting these vulnerability.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:30:13.552Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2023-08/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38059",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-16T16:56:02.147025Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T16:56:26.630Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"modules": [
"Agent Interface"
],
"product": "OTRS",
"vendor": "OTRS AG",
"versions": [
{
"lessThan": "7.0.47",
"status": "affected",
"version": "7.0.x",
"versionType": "Patch"
},
{
"lessThan": "8.0.37",
"status": "affected",
"version": "8.0.x",
"versionType": "Patch"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Agent Interface"
],
"product": "((OTRS)) Community Edition",
"vendor": "OTRS AG",
"versions": [
{
"lessThanOrEqual": "6.0.34",
"status": "affected",
"version": "6.0.x",
"versionType": "All"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Special thanks to Tim P\u00fcttmanns for reporting these vulnerability."
}
],
"datePublic": "2023-10-16T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The loading of external images is not blocked, even if configured, if the attacker uses protocol-relative URL in the payload. This can be used to retreive the IP of the user.\u003cp\u003eThis issue affects OTRS: from 7.0.X before 7.0.47, from 8.0.X before 8.0.37; ((OTRS)) Community Edition: from 6.0.X through 6.0.34.\u003c/p\u003e"
}
],
"value": "The loading of external images is not blocked, even if configured, if the attacker uses protocol-relative URL in the payload. This can be used to retreive the IP of the user.This issue affects OTRS: from 7.0.X before 7.0.47, from 8.0.X before 8.0.37; ((OTRS)) Community Edition: from 6.0.X through 6.0.34.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-37",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-37 Retrieve Embedded Sensitive Data"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-16T08:10:44.014Z",
"orgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"shortName": "OTRS"
},
"references": [
{
"url": "https://otrs.com/release-notes/otrs-security-advisory-2023-08/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to OTRS 8.0.37 or OTRS 7.0.47\u003cbr\u003e"
}
],
"value": "Update to OTRS 8.0.37 or OTRS 7.0.47\n"
}
],
"source": {
"advisory": "OSA-2023-08",
"defect": [
"Issue#1185",
"Ticket#2023041342000623"
],
"discovery": "EXTERNAL"
},
"title": "External pictures can be loaded even if not allowed by configuration",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"assignerShortName": "OTRS",
"cveId": "CVE-2023-38059",
"datePublished": "2023-10-16T08:10:44.014Z",
"dateReserved": "2023-07-12T08:05:38.780Z",
"dateUpdated": "2024-09-16T16:56:26.630Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5422 (GCVE-0-2023-5422)
Vulnerability from cvelistv5 – Published: 2023-10-16 08:10 – Updated: 2024-09-16 17:02
VLAI?
Summary
The functions to fetch e-mail via POP3 or IMAP as well as sending e-mail via SMTP use OpenSSL for static SSL or TLS based communication. As the
SSL_get_verify_result() function is not used the certificated is trusted always and it can not be ensured that the certificate
satisfies all necessary security requirements.
This could allow an
attacker to use an invalid certificate to claim to be a trusted host,
use expired certificates, or conduct other attacks that could be
detected if the certificate is properly validated.
This issue affects OTRS: from 7.0.X before 7.0.47, from 8.0.X before 8.0.37; ((OTRS)) Community Edition: from 6.0.X through 6.0.34.
Severity ?
8.7 (High)
CWE
- CWE-295 - Improper Certificate Validation
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| OTRS AG | OTRS |
Affected:
7.0.x , < 7.0.47
(Patch)
Affected: 8.0.x , < 8.0.37 (Patch) |
|||||||
|
|||||||||
Credits
Special thanks to Matthias Terlinde for reporting these vulnerability.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:59:44.689Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2023-10/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:otrs_ag:otrs:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "otrs",
"vendor": "otrs_ag",
"versions": [
{
"lessThan": "7.0.47",
"status": "affected",
"version": "7.0.x",
"versionType": "custom"
},
{
"lessThan": "8.0.37",
"status": "affected",
"version": "8.0.x",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:otrs_community_edition:otrs_community_edition:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "otrs_community_edition",
"vendor": "otrs_community_edition",
"versions": [
{
"lessThan": "6.0.34",
"status": "affected",
"version": "6.0x",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5422",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-16T16:57:40.338711Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T17:02:52.542Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"modules": [
"E-Mail Backend"
],
"product": "OTRS",
"vendor": "OTRS AG",
"versions": [
{
"lessThan": "7.0.47",
"status": "affected",
"version": "7.0.x",
"versionType": "Patch"
},
{
"lessThan": "8.0.37",
"status": "affected",
"version": "8.0.x",
"versionType": "Patch"
}
]
},
{
"defaultStatus": "affected",
"modules": [
"E-Mail Backend"
],
"product": "((OTRS)) Community Edition",
"vendor": "OTRS AG",
"versions": [
{
"lessThanOrEqual": "6.0.34",
"status": "affected",
"version": "6.0.x",
"versionType": "All"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Special thanks to Matthias Terlinde for reporting these vulnerability."
}
],
"datePublic": "2023-10-16T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eThe functions to fetch e-mail via POP3 or IMAP as well as sending e-mail via SMTP use OpenSSL for static SSL or TLS based communication. As the \nSSL_get_verify_result() function is not used the certificated is trusted always and it can not be ensured that the certificate \nsatisfies all necessary security requirements.\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eThis could allow an \nattacker to use an invalid certificate to claim to be a trusted host, \nuse expired certificates, or conduct other attacks that could be \ndetected if the certificate is properly validated.\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eThis issue affects OTRS: from 7.0.X before 7.0.47, from 8.0.X before 8.0.37; ((OTRS)) Community Edition: from 6.0.X through 6.0.34.\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e"
}
],
"value": "The functions to fetch e-mail via POP3 or IMAP as well as sending e-mail via SMTP use OpenSSL for static SSL or TLS based communication. As the \nSSL_get_verify_result() function is not used the certificated is trusted always and it can not be ensured that the certificate \nsatisfies all necessary security requirements.\n\nThis could allow an \nattacker to use an invalid certificate to claim to be a trusted host, \nuse expired certificates, or conduct other attacks that could be \ndetected if the certificate is properly validated.\n\nThis issue affects OTRS: from 7.0.X before 7.0.47, from 8.0.X before 8.0.37; ((OTRS)) Community Edition: from 6.0.X through 6.0.34.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-475",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-475 Signature Spoofing by Improper Validation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-16T08:10:35.192Z",
"orgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"shortName": "OTRS"
},
"references": [
{
"url": "https://otrs.com/release-notes/otrs-security-advisory-2023-10/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\nUpdate to OTRS 7.0.47 or 8.0.37\n\u003cbr\u003e"
}
],
"value": "Update to OTRS 7.0.47 or 8.0.37\n\n"
}
],
"source": {
"advisory": "OSA-2023-10",
"defect": [
"Issue#21",
"Issue#44",
"Ticket#2022062142000679",
"Ticket#2022061542000654"
],
"discovery": "USER"
},
"title": "SSL Certificates are not checked for E-Mail Handling",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"assignerShortName": "OTRS",
"cveId": "CVE-2023-5422",
"datePublished": "2023-10-16T08:10:35.192Z",
"dateReserved": "2023-10-05T08:12:18.101Z",
"dateUpdated": "2024-09-16T17:02:52.542Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-24387 (GCVE-0-2025-24387)
Vulnerability from nvd – Published: 2025-03-10 09:28 – Updated: 2025-03-10 13:12
VLAI?
Summary
A vulnerability in OTRS Application Server allows session hijacking due to missing attributes for sensitive
cookie settings in HTTPS sessions. A request to an OTRS endpoint from a possible malicious web site, would send the authentication cookie, performing an unwanted read operation.
This issue affects:
* OTRS 7.0.X
* OTRS 8.0.X
* OTRS 2023.X
* OTRS 2024.X
* OTRS 2025.x
Severity ?
4.8 (Medium)
CWE
- CWE-1275 - Sensitive Cookie with Improper SameSite Attribute
Assigner
References
Impacted products
Credits
Special thanks to Alissa Kim for reporting this vulnerability.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-24387",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-10T13:12:24.747437Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-10T13:12:40.237Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"modules": [
"Application Server"
],
"product": "OTRS",
"vendor": "OTRS AG",
"versions": [
{
"status": "affected",
"version": "7.0.x"
},
{
"status": "affected",
"version": "8.0.x"
},
{
"status": "affected",
"version": "2023.x"
},
{
"status": "affected",
"version": "2024.x"
},
{
"lessThanOrEqual": "2025.1.2",
"status": "affected",
"version": "2025.x",
"versionType": "Patch"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Special thanks to Alissa Kim for reporting this vulnerability."
}
],
"datePublic": "2025-03-10T08:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA vulnerability in OTRS Application Server allows session hijacking due to missing attributes for sensitive \ncookie settings in HTTPS sessions. A request to an OTRS endpoint from a possible malicious web site, would send the authentication cookie, performing an unwanted read operation.\u003cbr\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003eThis issue affects:\u003c/p\u003e\u003cul\u003e\u003cli\u003eOTRS 7.0.X\u003c/li\u003e\u003cli\u003eOTRS 8.0.X\u003c/li\u003e\u003cli\u003eOTRS 2023.X\u003c/li\u003e\u003cli\u003eOTRS 2024.X\u003c/li\u003e\u003cli\u003eOTRS 2025.x \u003cbr\u003e\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e"
}
],
"value": "A vulnerability in OTRS Application Server allows session hijacking due to missing attributes for sensitive \ncookie settings in HTTPS sessions. A request to an OTRS endpoint from a possible malicious web site, would send the authentication cookie, performing an unwanted read operation.\n\u00a0\n\nThis issue affects:\n\n * OTRS 7.0.X\n * OTRS 8.0.X\n * OTRS 2023.X\n * OTRS 2024.X\n * OTRS 2025.x"
}
],
"impacts": [
{
"capecId": "CAPEC-593",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-593 Session Hijacking"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1275",
"description": "CWE-1275: Sensitive Cookie with Improper SameSite Attribute",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-10T09:28:31.053Z",
"orgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"shortName": "OTRS"
},
"references": [
{
"url": "https://otrs.com/release-notes/otrs-security-advisory-2025-05/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to OTRS 2025.2.x. Please note that there will be no OTRS 7 patches\u003cbr\u003e"
}
],
"value": "Update to OTRS 2025.2.x. Please note that there will be no OTRS 7 patches"
}
],
"source": {
"advisory": "OSA-2025-05",
"defect": [
"Issue#3080",
"Ticket#2024110542002023"
],
"discovery": "EXTERNAL"
},
"title": "Missing CSRF protection",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"assignerShortName": "OTRS",
"cveId": "CVE-2025-24387",
"datePublished": "2025-03-10T09:28:31.053Z",
"dateReserved": "2025-01-21T09:09:58.720Z",
"dateUpdated": "2025-03-10T13:12:40.237Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-23794 (GCVE-0-2024-23794)
Vulnerability from nvd – Published: 2024-07-15 07:14 – Updated: 2024-08-01 23:13
VLAI?
Summary
An incorrect privilege assignment vulnerability in the inline editing functionality of OTRS can lead to privilege escalation. This flaw allows an agent with read-only permissions to gain full access to a ticket. This issue arises in very rare instances when an admin has previously enabled the setting 'RequiredLock' of 'AgentFrontend::Ticket::InlineEditing::Property###Watch' in the system configuration.This issue affects OTRS:
* 8.0.X
* 2023.X
* from 2024.X through 2024.4.x
Severity ?
5.2 (Medium)
CWE
- CWE-266 - Incorrect Privilege Assignment
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-23794",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-16T14:46:31.889829Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-17T14:27:36.468Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:13:07.432Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2024-06/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"inline editing"
],
"product": "OTRS",
"vendor": "OTRS AG",
"versions": [
{
"status": "affected",
"version": "8.0.x"
},
{
"status": "affected",
"version": "2023.x"
},
{
"lessThanOrEqual": "2024.4.x",
"status": "affected",
"version": "2024.x",
"versionType": "Patch"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The sub setting RequiredLock of AgentFrontend::Ticket::InlineEditing::Property###Watch has to be activated by an administrator first and Ticket::Permission###1-OwnerCheck is enabled (default)\u003cbr\u003e\u003ch2\u003e\u003cbr\u003e\u003c/h2\u003e\u003cbr\u003e"
}
],
"value": "The sub setting RequiredLock of AgentFrontend::Ticket::InlineEditing::Property###Watch has to be activated by an administrator first and Ticket::Permission###1-OwnerCheck is enabled (default)\n\n"
}
],
"datePublic": "2024-07-15T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An incorrect privilege assignment vulnerability in the inline editing functionality of OTRS can lead to privilege escalation. This flaw allows an agent with read-only permissions to gain full access to a ticket. This issue arises in very rare instances when an admin has previously enabled the setting \u0027RequiredLock\u0027 of \u0027AgentFrontend::Ticket::InlineEditing::Property###Watch\u0027 in the system configuration.\u003cp\u003eThis issue affects OTRS:\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003e8.0.X\u003c/li\u003e\u003cli\u003e2023.X\u003c/li\u003e\u003cli\u003efrom 2024.X through 2024.4.x\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "An incorrect privilege assignment vulnerability in the inline editing functionality of OTRS can lead to privilege escalation. This flaw allows an agent with read-only permissions to gain full access to a ticket. This issue arises in very rare instances when an admin has previously enabled the setting \u0027RequiredLock\u0027 of \u0027AgentFrontend::Ticket::InlineEditing::Property###Watch\u0027 in the system configuration.This issue affects OTRS:\u00a0\n\n * 8.0.X\n * 2023.X\n * from 2024.X through 2024.4.x\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "CWE-266 Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-15T10:41:01.694Z",
"orgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"shortName": "OTRS"
},
"references": [
{
"url": "https://otrs.com/release-notes/otrs-security-advisory-2024-06/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to OTRS 2024.5.2\u003cbr\u003e"
}
],
"value": "Update to OTRS 2024.5.2\n"
}
],
"source": {
"advisory": "OSA-2024-06",
"defect": [
"Issue#2409",
"Ticket#2024042342000433"
],
"discovery": "USER"
},
"title": "Agents are able to lock the ticket without the \"Owner\" permission",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "deactivate RequiredLock of AgentFrontend::Ticket::InlineEditing::Property###Watch or disable Ticket::Permission###1-OwnerCheck\u003cbr\u003e"
}
],
"value": "deactivate RequiredLock of AgentFrontend::Ticket::InlineEditing::Property###Watch or disable Ticket::Permission###1-OwnerCheck\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"assignerShortName": "OTRS",
"cveId": "CVE-2024-23794",
"datePublished": "2024-07-15T07:14:09.557Z",
"dateReserved": "2024-01-22T10:32:00.705Z",
"dateUpdated": "2024-08-01T23:13:07.432Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6540 (GCVE-0-2024-6540)
Vulnerability from nvd – Published: 2024-07-15 07:13 – Updated: 2024-08-01 21:41
VLAI?
Summary
Improper filtering of fields when using the export function in the ticket overview of the external interface in OTRS could allow an authorized user to download a list of tickets containing information about tickets of other customers. The problem only occurs if the TicketSearchLegacyEngine has been disabled by the administrator.
This issue affects OTRS: 8.0.X, 2023.X, from 2024.X through 2024.4.x
Severity ?
5.7 (Medium)
CWE
- CWE-790 - Improper Filtering of Special Elements
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6540",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-15T13:10:12.804749Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-15T13:10:28.205Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:41:03.955Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2024-07/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"External interface"
],
"product": "OTRS",
"vendor": "OTRS AG",
"versions": [
{
"status": "affected",
"version": "8.0.x"
},
{
"status": "affected",
"version": "2023.x"
},
{
"lessThanOrEqual": "2024.4.x",
"status": "affected",
"version": "2024.x",
"versionType": "Patch"
}
]
}
],
"datePublic": "2024-07-15T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper filtering of fields when using the export function in the ticket overview of the external interface in OTRS could allow an authorized user to download a list of tickets containing information about tickets of other customers. The problem only occurs if the TicketSearchLegacyEngine has been disabled by the administrator.\u003cbr\u003e\u003cp\u003eThis issue affects OTRS: 8.0.X, 2023.X, from 2024.X through 2024.4.x\u003c/p\u003e"
}
],
"value": "Improper filtering of fields when using the export function in the ticket overview of the external interface in OTRS could allow an authorized user to download a list of tickets containing information about tickets of other customers. The problem only occurs if the TicketSearchLegacyEngine has been disabled by the administrator.\nThis issue affects OTRS: 8.0.X, 2023.X, from 2024.X through 2024.4.x\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-54",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-54 Query System for Information"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-790",
"description": "CWE-790 Improper Filtering of Special Elements",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-15T10:41:47.335Z",
"orgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"shortName": "OTRS"
},
"references": [
{
"url": "https://otrs.com/release-notes/otrs-security-advisory-2024-07/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to OTRS 2024.5.2\u003cbr\u003e"
}
],
"value": "Update to OTRS 2024.5.2\n"
}
],
"source": {
"advisory": "OSA-2024-07",
"defect": [
"Issue##2638",
"Ticket#2024070142001245"
],
"discovery": "USER"
},
"title": "Information exlosure in external interface",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Have TicketSearchLegacyEngine enabled\u003cbr\u003e"
}
],
"value": "Have TicketSearchLegacyEngine enabled\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"assignerShortName": "OTRS",
"cveId": "CVE-2024-6540",
"datePublished": "2024-07-15T07:13:49.918Z",
"dateReserved": "2024-07-08T07:35:49.064Z",
"dateUpdated": "2024-08-01T21:41:03.955Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-23790 (GCVE-0-2024-23790)
Vulnerability from nvd – Published: 2024-01-29 09:21 – Updated: 2025-06-17 21:29
VLAI?
Summary
Improper Input Validation vulnerability in the upload functionality for user avatars allows functionality misuse due to missing check of filetypes.
This issue affects OTRS: from 7.0.X through 7.0.48, from 8.0.X through 8.0.37, from 2023 through 2023.1.1.
Severity ?
CWE
- CWE-20 - Improper Input Validation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
Credits
Special thanks to Matthias Püschel for reporting these vulnerability.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:13:07.512Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2024-01/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-23790",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-29T13:20:27.471691Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T21:29:17.700Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"Agent Interface",
"External Interface"
],
"product": "OTRS",
"vendor": "OTRS AG",
"versions": [
{
"lessThanOrEqual": "8.0.37",
"status": "affected",
"version": "8.0.x",
"versionType": "Patch"
},
{
"lessThanOrEqual": "2023.1.1",
"status": "affected",
"version": "2023",
"versionType": "Patch"
},
{
"lessThanOrEqual": "7.0.48",
"status": "affected",
"version": "7.0.x",
"versionType": "Patch"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Special thanks to Matthias P\u00fcschel for reporting these vulnerability."
}
],
"datePublic": "2024-01-29T08:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Input Validation vulnerability in the upload functionality for user avatars allows functionality misuse due to missing check of filetypes.\u003cbr\u003e\u003cp\u003eThis issue affects OTRS: from 7.0.X through 7.0.48, from 8.0.X through 8.0.37, from 2023 through 2023.1.1.\u003c/p\u003e"
}
],
"value": "Improper Input Validation vulnerability in the upload functionality for user avatars allows functionality misuse due to missing check of filetypes.\nThis issue affects OTRS: from 7.0.X through 7.0.48, from 8.0.X through 8.0.37, from 2023 through 2023.1.1.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-212",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-212 Functionality Misuse"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-29T09:21:14.996Z",
"orgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"shortName": "OTRS"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2024-01/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eUpdate to OTRS Patch 2024.1.1\u003c/div\u003e\u003cdiv\u003eUpdate to OTRS 7.0.49 (Long Term Support Users)\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cbr\u003e"
}
],
"value": "Update to OTRS Patch 2024.1.1\n\nUpdate to OTRS 7.0.49 (Long Term Support Users)\n\n"
}
],
"source": {
"advisory": "OSA-2024-01",
"defect": [
"Ticket#2023083042000825",
"Issue#1306"
],
"discovery": "EXTERNAL"
},
"title": "Missing file type check in avatar picture upload",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"assignerShortName": "OTRS",
"cveId": "CVE-2024-23790",
"datePublished": "2024-01-29T09:21:14.996Z",
"dateReserved": "2024-01-22T10:32:00.704Z",
"dateUpdated": "2025-06-17T21:29:17.700Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-23791 (GCVE-0-2024-23791)
Vulnerability from nvd – Published: 2024-01-29 09:21 – Updated: 2025-05-29 15:10
VLAI?
Summary
Insertion of debug information into log file during building the elastic search index allows reading of sensitive information from articles.This issue affects OTRS: from 7.0.X through 7.0.48, from 8.0.X through 8.0.37, from 2023.X through 2023.1.1.
Severity ?
4.9 (Medium)
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:13:07.364Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2024-02/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-23791",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T15:50:47.563428Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-29T15:10:14.868Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"Log Backend"
],
"product": "OTRS",
"vendor": "OTRS AG",
"versions": [
{
"lessThanOrEqual": "7.0.48",
"status": "affected",
"version": "7.0.x",
"versionType": "Patch"
},
{
"lessThanOrEqual": "8.0.37",
"status": "affected",
"version": "8.0.x",
"versionType": "Patch"
},
{
"lessThanOrEqual": "2023.1.1",
"status": "affected",
"version": "2023.x",
"versionType": "Patch"
}
]
}
],
"datePublic": "2024-01-29T08:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Insertion of debug information into log file during building the elastic search index allows reading of sensitive information from articles.\u003cp\u003eThis issue affects OTRS: from 7.0.X through 7.0.48, from 8.0.X through 8.0.37, from 2023.X through 2023.1.1.\u003c/p\u003e"
}
],
"value": "Insertion of debug information into log file during building the elastic search index allows reading of sensitive information from articles.This issue affects OTRS: from 7.0.X through 7.0.48, from 8.0.X through 8.0.37, from 2023.X through 2023.1.1.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-545",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-545 Pull Data from System Resources"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532 Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-29T09:21:00.278Z",
"orgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"shortName": "OTRS"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2024-02/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eUpdate to OTRS Patch 2024.1.1\u003c/div\u003e\u003cdiv\u003eUpdate to OTRS 7.0.49 (Long Term Support Users)\u003c/div\u003e\u003cbr\u003e"
}
],
"value": "Update to OTRS Patch 2024.1.1\n\nUpdate to OTRS 7.0.49 (Long Term Support Users)\n\n"
}
],
"source": {
"advisory": "OSA-2024-02",
"defect": [
"Issue#1224",
"Ticket#2021091742001128"
],
"discovery": "USER"
},
"title": "Unnecessary data is written to log if issues during indexing occurs",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"assignerShortName": "OTRS",
"cveId": "CVE-2024-23791",
"datePublished": "2024-01-29T09:21:00.278Z",
"dateReserved": "2024-01-22T10:32:00.704Z",
"dateUpdated": "2025-05-29T15:10:14.868Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-23792 (GCVE-0-2024-23792)
Vulnerability from nvd – Published: 2024-01-29 09:20 – Updated: 2024-11-12 21:47
VLAI?
Summary
When adding attachments to ticket comments,
another user can add attachments as well impersonating the orginal user. The attack requires a
logged-in other user to know the UUID. While the legitimate user
completes the comment, the malicious user can add more files to the
comment.
This issue affects OTRS: from 7.0.X through 7.0.48, from 8.0.X through 8.0.37, from 2023.X through 2023.1.1.
Severity ?
5.3 (Medium)
CWE
- CWE-287 - Improper Authentication
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
Credits
Special thanks to Matthias Püschel for reporting these vulnerability.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:13:07.447Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2024-03/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-23792",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-12T21:46:29.598781Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-12T21:47:04.433Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"internal API"
],
"product": "OTRS",
"vendor": "OTRS AG",
"versions": [
{
"lessThanOrEqual": "7.0.48",
"status": "affected",
"version": "7.0.x",
"versionType": "Patch"
},
{
"lessThanOrEqual": "8.0.37",
"status": "affected",
"version": "8.0.x",
"versionType": "Patch"
},
{
"lessThanOrEqual": "2023.1.1",
"status": "affected",
"version": "2023.x",
"versionType": "Patch"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Special thanks to Matthias P\u00fcschel for reporting these vulnerability."
}
],
"datePublic": "2024-01-29T08:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eWhen adding attachments to ticket comments, \nanother user can add attachments as well impersonating the orginal user. The attack requires a \nlogged-in other user to know the UUID. While the legitimate user \ncompletes the comment, the malicious user can add more files to the \ncomment.\u003c/p\u003e\u003cp\u003eThis issue affects OTRS: from 7.0.X through 7.0.48, from 8.0.X through 8.0.37, from 2023.X through 2023.1.1.\u003c/p\u003e"
}
],
"value": "When adding attachments to ticket comments, \nanother user can add attachments as well impersonating the orginal user. The attack requires a \nlogged-in other user to know the UUID. While the legitimate user \ncompletes the comment, the malicious user can add more files to the \ncomment.\n\nThis issue affects OTRS: from 7.0.X through 7.0.48, from 8.0.X through 8.0.37, from 2023.X through 2023.1.1.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-194",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-194 Fake the Source of Data"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-29T09:20:40.920Z",
"orgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"shortName": "OTRS"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2024-03/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eUpdate to OTRS Patch 2024.1.1\u003c/div\u003e\u003cdiv\u003eUpdate to OTRS 7.0.49 (Long Term Support Users)\u003c/div\u003e"
}
],
"value": "Update to OTRS Patch 2024.1.1\n\nUpdate to OTRS 7.0.49 (Long Term Support Users)\n\n"
}
],
"source": {
"advisory": "OSA-2024-03",
"defect": [
"Issue#1392",
"Ticket#2023083042000825"
],
"discovery": "EXTERNAL"
},
"title": "Insufficient access control",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"assignerShortName": "OTRS",
"cveId": "CVE-2024-23792",
"datePublished": "2024-01-29T09:20:06.829Z",
"dateReserved": "2024-01-22T10:32:00.704Z",
"dateUpdated": "2024-11-12T21:47:04.433Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-6254 (GCVE-0-2023-6254)
Vulnerability from nvd – Published: 2023-11-27 09:44 – Updated: 2024-10-15 17:45
VLAI?
Summary
A Vulnerability in OTRS AgentInterface and ExternalInterface allows the reading of plain text passwords which are send back to the client in the server response-
This issue affects OTRS: from 8.0.X through 8.0.37.
Severity ?
8.1 (High)
CWE
- CWE-522 - Insufficiently Protected Credentials
Assigner
References
Credits
Special thanks to Matthias Püschel for reporting these vulnerability.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:28:20.391Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2023-11/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-6254",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-15T17:15:14.848049Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T17:45:11.912Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"AgentInterface",
"ExternalInterface"
],
"product": "OTRS",
"vendor": "OTRS AG",
"versions": [
{
"lessThanOrEqual": "8.0.37",
"status": "affected",
"version": "8.0.x",
"versionType": "Patch"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Special thanks to Matthias P\u00fcschel for reporting these vulnerability."
}
],
"datePublic": "2023-11-27T08:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A Vulnerability in OTRS AgentInterface and ExternalInterface allows the reading of plain text passwords which are send back to the client in the server response-\u003cbr\u003e\u003cp\u003eThis issue affects OTRS: from 8.0.X through 8.0.37.\u003c/p\u003e"
}
],
"value": "A Vulnerability in OTRS AgentInterface and ExternalInterface allows the reading of plain text passwords which are send back to the client in the server response-\nThis issue affects OTRS: from 8.0.X through 8.0.37.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-555",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-555 Remote Services with Stolen Credentials"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522 Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-27T09:44:00.273Z",
"orgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"shortName": "OTRS"
},
"references": [
{
"url": "https://otrs.com/release-notes/otrs-security-advisory-2023-11/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to OTRS Patch 2023.1.1\u003cbr\u003e"
}
],
"value": "Update to OTRS Patch 2023.1.1\n"
}
],
"source": {
"advisory": "OSA-2023-11",
"defect": [
"Issue#1390",
"Ticket#2023083042000825"
],
"discovery": "USER"
},
"title": "Password is send back to client",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"assignerShortName": "OTRS",
"cveId": "CVE-2023-6254",
"datePublished": "2023-11-27T09:44:00.273Z",
"dateReserved": "2023-11-22T12:14:39.322Z",
"dateUpdated": "2024-10-15T17:45:11.912Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5421 (GCVE-0-2023-5421)
Vulnerability from nvd – Published: 2023-10-16 08:10 – Updated: 2024-09-16 16:55
VLAI?
Summary
An attacker who is logged into OTRS as an user with privileges to create and change customer user data may manipulate the CustomerID field to execute JavaScript code that runs
immediatly after the data is saved.The issue onlyoccurs if the configuration for AdminCustomerUser::UseAutoComplete was changed before.
This issue affects OTRS: from 7.0.X before 7.0.47, from 8.0.X before 8.0.37; ((OTRS)) Community Edition: from 6.0.X through 6.0.34.
Severity ?
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| OTRS AG | OTRS |
Affected:
7.0.x , < 7.0.47
(Patch)
Affected: 8.0.x , < 8.0.37 (Patch) |
|||||||
|
|||||||||
Credits
Special thanks to Tim Püttmanns for reporting these vulnerability.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:59:44.593Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2023-09/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5421",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-16T16:53:50.683230Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T16:55:01.099Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"modules": [
"Agent Interface"
],
"product": "OTRS",
"vendor": "OTRS AG",
"versions": [
{
"lessThan": "7.0.47",
"status": "affected",
"version": "7.0.x",
"versionType": "Patch"
},
{
"lessThan": "8.0.37",
"status": "affected",
"version": "8.0.x",
"versionType": "Patch"
}
]
},
{
"defaultStatus": "affected",
"modules": [
"Agent Interface"
],
"product": "((OTRS)) Community Edition",
"vendor": "OTRS AG",
"versions": [
{
"lessThanOrEqual": "6.0.34",
"status": "affected",
"version": "6.0.x",
"versionType": "All"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Special thanks to Tim P\u00fcttmanns for reporting these vulnerability."
}
],
"datePublic": "2023-10-16T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An attacker who is logged into OTRS as an user with privileges to create and change customer user data may manipulate the CustomerID field to execute JavaScript code that runs \nimmediatly after the data is saved.The issue onlyoccurs if the configuration for AdminCustomerUser::UseAutoComplete was changed before.\u003cbr\u003e\u003cp\u003eThis issue affects OTRS: from 7.0.X before 7.0.47, from 8.0.X before 8.0.37; ((OTRS)) Community Edition: from 6.0.X through 6.0.34.\u003c/p\u003e"
}
],
"value": "An attacker who is logged into OTRS as an user with privileges to create and change customer user data may manipulate the CustomerID field to execute JavaScript code that runs \nimmediatly after the data is saved.The issue onlyoccurs if the configuration for AdminCustomerUser::UseAutoComplete was changed before.\nThis issue affects OTRS: from 7.0.X before 7.0.47, from 8.0.X before 8.0.37; ((OTRS)) Community Edition: from 6.0.X through 6.0.34.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-63",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-63 Cross-Site Scripting (XSS)"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-16T08:10:55.114Z",
"orgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"shortName": "OTRS"
},
"references": [
{
"url": "https://otrs.com/release-notes/otrs-security-advisory-2023-09/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\nUpdate to OTRS 7.0.47 or OTRS 8.0.37.\n\u003cbr\u003e"
}
],
"value": "Update to OTRS 7.0.47 or OTRS 8.0.37.\n\n"
}
],
"source": {
"advisory": "OSA-2023-09",
"defect": [
"Issue#1214",
"Ticket#2023080742002233"
],
"discovery": "EXTERNAL"
},
"title": " Possible XSS execution in customer information ",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Switch AdminCustomerUser::UseAutoComplete off\u003cbr\u003e"
}
],
"value": "Switch AdminCustomerUser::UseAutoComplete off\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"assignerShortName": "OTRS",
"cveId": "CVE-2023-5421",
"datePublished": "2023-10-16T08:10:55.114Z",
"dateReserved": "2023-10-05T08:12:09.849Z",
"dateUpdated": "2024-09-16T16:55:01.099Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-38059 (GCVE-0-2023-38059)
Vulnerability from nvd – Published: 2023-10-16 08:10 – Updated: 2024-09-16 16:56
VLAI?
Summary
The loading of external images is not blocked, even if configured, if the attacker uses protocol-relative URL in the payload. This can be used to retreive the IP of the user.This issue affects OTRS: from 7.0.X before 7.0.47, from 8.0.X before 8.0.37; ((OTRS)) Community Edition: from 6.0.X through 6.0.34.
Severity ?
5.3 (Medium)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| OTRS AG | OTRS |
Affected:
7.0.x , < 7.0.47
(Patch)
Affected: 8.0.x , < 8.0.37 (Patch) |
|||||||
|
|||||||||
Credits
Special thanks to Tim Püttmanns for reporting these vulnerability.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:30:13.552Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2023-08/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38059",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-16T16:56:02.147025Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T16:56:26.630Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"modules": [
"Agent Interface"
],
"product": "OTRS",
"vendor": "OTRS AG",
"versions": [
{
"lessThan": "7.0.47",
"status": "affected",
"version": "7.0.x",
"versionType": "Patch"
},
{
"lessThan": "8.0.37",
"status": "affected",
"version": "8.0.x",
"versionType": "Patch"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Agent Interface"
],
"product": "((OTRS)) Community Edition",
"vendor": "OTRS AG",
"versions": [
{
"lessThanOrEqual": "6.0.34",
"status": "affected",
"version": "6.0.x",
"versionType": "All"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Special thanks to Tim P\u00fcttmanns for reporting these vulnerability."
}
],
"datePublic": "2023-10-16T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The loading of external images is not blocked, even if configured, if the attacker uses protocol-relative URL in the payload. This can be used to retreive the IP of the user.\u003cp\u003eThis issue affects OTRS: from 7.0.X before 7.0.47, from 8.0.X before 8.0.37; ((OTRS)) Community Edition: from 6.0.X through 6.0.34.\u003c/p\u003e"
}
],
"value": "The loading of external images is not blocked, even if configured, if the attacker uses protocol-relative URL in the payload. This can be used to retreive the IP of the user.This issue affects OTRS: from 7.0.X before 7.0.47, from 8.0.X before 8.0.37; ((OTRS)) Community Edition: from 6.0.X through 6.0.34.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-37",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-37 Retrieve Embedded Sensitive Data"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-16T08:10:44.014Z",
"orgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"shortName": "OTRS"
},
"references": [
{
"url": "https://otrs.com/release-notes/otrs-security-advisory-2023-08/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to OTRS 8.0.37 or OTRS 7.0.47\u003cbr\u003e"
}
],
"value": "Update to OTRS 8.0.37 or OTRS 7.0.47\n"
}
],
"source": {
"advisory": "OSA-2023-08",
"defect": [
"Issue#1185",
"Ticket#2023041342000623"
],
"discovery": "EXTERNAL"
},
"title": "External pictures can be loaded even if not allowed by configuration",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"assignerShortName": "OTRS",
"cveId": "CVE-2023-38059",
"datePublished": "2023-10-16T08:10:44.014Z",
"dateReserved": "2023-07-12T08:05:38.780Z",
"dateUpdated": "2024-09-16T16:56:26.630Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5422 (GCVE-0-2023-5422)
Vulnerability from nvd – Published: 2023-10-16 08:10 – Updated: 2024-09-16 17:02
VLAI?
Summary
The functions to fetch e-mail via POP3 or IMAP as well as sending e-mail via SMTP use OpenSSL for static SSL or TLS based communication. As the
SSL_get_verify_result() function is not used the certificated is trusted always and it can not be ensured that the certificate
satisfies all necessary security requirements.
This could allow an
attacker to use an invalid certificate to claim to be a trusted host,
use expired certificates, or conduct other attacks that could be
detected if the certificate is properly validated.
This issue affects OTRS: from 7.0.X before 7.0.47, from 8.0.X before 8.0.37; ((OTRS)) Community Edition: from 6.0.X through 6.0.34.
Severity ?
8.7 (High)
CWE
- CWE-295 - Improper Certificate Validation
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| OTRS AG | OTRS |
Affected:
7.0.x , < 7.0.47
(Patch)
Affected: 8.0.x , < 8.0.37 (Patch) |
|||||||
|
|||||||||
Credits
Special thanks to Matthias Terlinde for reporting these vulnerability.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:59:44.689Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2023-10/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:otrs_ag:otrs:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "otrs",
"vendor": "otrs_ag",
"versions": [
{
"lessThan": "7.0.47",
"status": "affected",
"version": "7.0.x",
"versionType": "custom"
},
{
"lessThan": "8.0.37",
"status": "affected",
"version": "8.0.x",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:otrs_community_edition:otrs_community_edition:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "otrs_community_edition",
"vendor": "otrs_community_edition",
"versions": [
{
"lessThan": "6.0.34",
"status": "affected",
"version": "6.0x",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5422",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-16T16:57:40.338711Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T17:02:52.542Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"modules": [
"E-Mail Backend"
],
"product": "OTRS",
"vendor": "OTRS AG",
"versions": [
{
"lessThan": "7.0.47",
"status": "affected",
"version": "7.0.x",
"versionType": "Patch"
},
{
"lessThan": "8.0.37",
"status": "affected",
"version": "8.0.x",
"versionType": "Patch"
}
]
},
{
"defaultStatus": "affected",
"modules": [
"E-Mail Backend"
],
"product": "((OTRS)) Community Edition",
"vendor": "OTRS AG",
"versions": [
{
"lessThanOrEqual": "6.0.34",
"status": "affected",
"version": "6.0.x",
"versionType": "All"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Special thanks to Matthias Terlinde for reporting these vulnerability."
}
],
"datePublic": "2023-10-16T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eThe functions to fetch e-mail via POP3 or IMAP as well as sending e-mail via SMTP use OpenSSL for static SSL or TLS based communication. As the \nSSL_get_verify_result() function is not used the certificated is trusted always and it can not be ensured that the certificate \nsatisfies all necessary security requirements.\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eThis could allow an \nattacker to use an invalid certificate to claim to be a trusted host, \nuse expired certificates, or conduct other attacks that could be \ndetected if the certificate is properly validated.\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eThis issue affects OTRS: from 7.0.X before 7.0.47, from 8.0.X before 8.0.37; ((OTRS)) Community Edition: from 6.0.X through 6.0.34.\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e"
}
],
"value": "The functions to fetch e-mail via POP3 or IMAP as well as sending e-mail via SMTP use OpenSSL for static SSL or TLS based communication. As the \nSSL_get_verify_result() function is not used the certificated is trusted always and it can not be ensured that the certificate \nsatisfies all necessary security requirements.\n\nThis could allow an \nattacker to use an invalid certificate to claim to be a trusted host, \nuse expired certificates, or conduct other attacks that could be \ndetected if the certificate is properly validated.\n\nThis issue affects OTRS: from 7.0.X before 7.0.47, from 8.0.X before 8.0.37; ((OTRS)) Community Edition: from 6.0.X through 6.0.34.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-475",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-475 Signature Spoofing by Improper Validation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-16T08:10:35.192Z",
"orgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"shortName": "OTRS"
},
"references": [
{
"url": "https://otrs.com/release-notes/otrs-security-advisory-2023-10/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\nUpdate to OTRS 7.0.47 or 8.0.37\n\u003cbr\u003e"
}
],
"value": "Update to OTRS 7.0.47 or 8.0.37\n\n"
}
],
"source": {
"advisory": "OSA-2023-10",
"defect": [
"Issue#21",
"Issue#44",
"Ticket#2022062142000679",
"Ticket#2022061542000654"
],
"discovery": "USER"
},
"title": "SSL Certificates are not checked for E-Mail Handling",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"assignerShortName": "OTRS",
"cveId": "CVE-2023-5422",
"datePublished": "2023-10-16T08:10:35.192Z",
"dateReserved": "2023-10-05T08:12:18.101Z",
"dateUpdated": "2024-09-16T17:02:52.542Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}