CVE-2023-38060 Vulnerability Details

CVE-2023-38060 Metadata Quick Info

CVE Published: 24/07/2023 | CVE Updated: 17/10/2024 | CVE Year: 2023
Source: OTRS | Vendor: OTRS AG | Product: OTRS
Status: PUBLISHED

CVE-2023-38060 Description

Improper Input Validation vulnerability in the ContentType parameter for attachments on TicketCreate or TicketUpdate operations of the OTRS Generic Interface modules allows any authenticated attacker to perform a host header injection for the ContentType header of the attachment. This issue affects OTRS: from 7.0.X before 7.0.45, from 8.0.X before 8.0.35; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34.

Metrics

CVSS Version: 3.1 | Base Score: 6.3 MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Exploitability Metrics:
    Attack Vector (AV): NETWORK
    Attack Complexity (AC): LOW
    Privileges Required (PR): LOW
    User Interaction (UI): NONE
    Scope (S): UNCHANGED

Impact Metrics:
    Confidentiality Impact (C): LOW
    Integrity Impact (I): LOW
    Availability Impact (A): LOW

Weakness Enumeration (CWE)

CWE-ID: CWE-20
CWE Name: CWE-20 Improper Input Validation
Source: OTRS AG

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID: CAPEC-141
CAPEC Description: CAPEC-141 Cache Poisoning


Source: NVD (National Vulnerability Database).