When adding attachments to ticket comments,
another user can add attachments as well impersonating the orginal user. The attack requires a
logged-in other user to know the UUID. While the legitimate user
completes the comment, the malicious user can add more files to the
comment.
This issue affects OTRS: from 7.0.X through 7.0.48, from 8.0.X through 8.0.37, from 2023.X through 2023.1.1.
Metrics
Affected Vendors & Products
References
History
Tue, 12 Nov 2024 22:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: OTRS
Published: 2024-01-29T09:20:06.829Z
Updated: 2024-11-12T21:47:04.433Z
Reserved: 2024-01-22T10:32:00.704Z
Link: CVE-2024-23792
Vulnrichment
Updated: 2024-08-01T23:13:07.447Z
NVD
Status : Modified
Published: 2024-01-29T10:15:08.683
Modified: 2024-11-21T08:58:25.700
Link: CVE-2024-23792
Redhat
No data.