A denial of service attack might be launched against the server if an unusually lengthy password (more than 10000000 characters) is supplied using the osTicket application. This can cause the website to go down or stop responding. When a long password is entered, this procedure will consume all available CPU and memory.
References
Link | Resource |
---|---|
https://blog.manavparekh.com/2023/06/cve-2023-30082.html | Exploit Third Party Advisory |
https://github.com/manavparekh/CVEs/blob/main/CVE-2023-30082/Steps%20to%20reproduce.txt | Exploit Third Party Advisory |
Configurations
History
28 Jun 2023, 20:31
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://blog.manavparekh.com/2023/06/cve-2023-30082.html - Exploit, Third Party Advisory | |
References | (MISC) https://github.com/manavparekh/CVEs/blob/main/CVE-2023-30082/Steps%20to%20reproduce.txt - Exploit, Third Party Advisory | |
CWE | CWE-1284 | |
First Time |
Enhancesoft
Enhancesoft osticket |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
CPE | cpe:2.3:a:enhancesoft:osticket:1.17.2:*:*:*:*:*:*:* |
21 Jun 2023, 19:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
14 Jun 2023, 21:27
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-06-14 20:15
Updated : 2024-02-28 20:13
NVD link : CVE-2023-30082
Mitre link : CVE-2023-30082
CVE.ORG link : CVE-2023-30082
JSON object : View
Products Affected
enhancesoft
- osticket
CWE
CWE-1284
Improper Validation of Specified Quantity in Input