CVE-2024-23793

The file upload feature in OTRS and ((OTRS)) Community Edition has a path traversal vulnerability. This issue permits authenticated agents or customer users to upload potentially harmful files to directories accessible by the web server, potentially leading to the execution of local code like Perl scripts. This issue affects OTRS: from 7.0.X through 7.0.49, 8.0.X, 2023.X, from 2024.X through 2024.3.2; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34.

Configurations

No configuration.

History

21 Nov 2024, 08:58

Type Values Removed Values Added
References () https://otrs.com/release-notes/otrs-security-advisory-2024-05/ - () https://otrs.com/release-notes/otrs-security-advisory-2024-05/ -

07 Jun 2024, 14:56

Type Values Removed Values Added
Summary
  • (es) The file upload function in OTRS and ((OTRS)) Community Edition has a path traversal vulnerability. This issue allows authenticated agents or customer users to upload potentially harmful files to directories that the web server can access, which could lead to the execution of local code such as Perl scripts. This issue affects OTRS: from 7.0.X through 7.0.49, 8.0.X, 2023.X, from 2024.X through 2024.3.2; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34.

06 Jun 2024, 19:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-06-06 19:15

Updated : 2024-11-21 08:58


NVD link : CVE-2024-23793

Mitre link : CVE-2024-23793

CVE.ORG link : CVE-2024-23793



Products Affected

No product.

CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')