CVE Published: 29/01/2024 |
CVE Updated: 01/08/2024 |
CVE Year: 2024 Source: OTRS |
Vendor: OTRS AG |
Product: OTRS Status : PUBLISHED
CVE-2024-23790 Description
Improper Input Validation vulnerability in the upload functionality for user avatars allows functionality misuse due to missing check of filetypes.
This issue affects OTRS: from 7.0.X through 7.0.48, from 8.0.X through 8.0.37, from 2023 through 2023.1.1.
Metrics
CVSS Version: 3.1 |
Base Score: 3.5 LOW Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N