CVE-2023-38060

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Jul 24, 2023

Updated: Aug 31, 2023

CWE ID 74

CWE ID 20

Summary

CVE-2023-38060 is an Input Validation vulnerability affecting the OTRS support ticket system. It lies in the ContentType parameter for attachments during TicketCreate and TicketUpdate operations of the OTRS Generic Interface modules. Maliciously crafted input can result in an attacker performing host header injection on the ContentType header of the attachment. This security flaw puts OTRS versions 7.0.X before 7.0.45, 8.0.X before 8.0.35, and Community Edition versions 6.0.1 through 6.0.34 at risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

OTRS

Affected Vendors

otrs)

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/r9sWDF
https://www.cve.org/CVERecord?id=CVE-2023-38060
https://nvd.nist.gov/vuln/detail/CVE-2023-38060

Back to Vulnerability Database