← Volver a CVEs

CVE-2023-38060

MEDIUM

6.3

Descripcion

Improper Input Validation vulnerability in the ContentType parameter for attachments on TicketCreate or TicketUpdate operations of the OTRS Generic Interface modules allows any authenticated attacker to to perform an host header injection for the ContentType header of the attachment. This issue affects OTRS: from 7.0.X before 7.0.45, from 8.0.X before 8.0.35; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34.

Detalles CVE

Puntuacion CVSS v3.16.3

SeveridadMEDIUM

Vector CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Vector de ataqueNETWORK

ComplejidadLOW

Privilegios requeridosLOW

Interaccion usuarioNONE

Publicado7/24/2023

Ultima modificacion2/13/2025

Fuentenvd

Avistamientos honeypot0

Productos afectados

otrs:otrs

Debilidades (CWE)

CWE-20CWE-74

Referencias

https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html(security@otrs.com)

https://otrs.com/release-notes/otrs-security-advisory-2023-04/(security@otrs.com)

https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html(af854a3a-2127-422b-91ae-364da2661108)

https://otrs.com/release-notes/otrs-security-advisory-2023-04/(af854a3a-2127-422b-91ae-364da2661108)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.