CVE-2023-38059 - OpenCVE

The loading of external images is not blocked, even if configured, if the attacker uses protocol-relative URL in the payload. This can be used to retreive the IP of the user.This issue affects OTRS: from 7.0.X before 7.0.47, from 8.0.X before 8.0.37; ((OTRS)) Community Edition: from 6.0.X through 6.0.34.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Otrs	Otrs

Configuration 1 [-]

OR	cpe:2.3:a:otrs:otrs:::::community:::*
	cpe:2.3:a:otrs:otrs::::::::
	cpe:2.3:a:otrs:otrs::::::::

No data.

References

Link	Providers
https://otrs.com/release-notes/otrs-security-advisory-2023-08/

History

No history.

MITRE

Status: PUBLISHED

Assigner: OTRS

Published: 2023-10-16T08:10:44.014Z

Updated: 2024-09-16T16:56:26.630Z

Reserved: 2023-07-12T08:05:38.780Z

Link: CVE-2023-38059

Vulnrichment

Updated: 2024-08-02T17:30:13.552Z

NVD

Status : Analyzed

Published: 2023-10-16T09:15:10.243

Modified: 2023-10-19T17:42:44.373

Link: CVE-2023-38059

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-38059", "assignerOrgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8", "state": "PUBLISHED", "assignerShortName": "OTRS", "dateReserved": "2023-07-12T08:05:38.780Z", "datePublished": "2023-10-16T08:10:44.014Z", "dateUpdated": "2024-09-16T16:56:26.630Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "modules": ["Agent Interface"], "product": "OTRS", "vendor": "OTRS AG", "versions": [{"lessThan": "7.0.47", "status": "affected", "version": "7.0.x", "versionType": "Patch"}, {"lessThan": "8.0.37", "status": "affected", "version": "8.0.x", "versionType": "Patch"}]}, {"defaultStatus": "unaffected", "modules": ["Agent Interface"], "product": "((OTRS)) Community Edition", "vendor": "OTRS AG", "versions": [{"lessThanOrEqual": "6.0.34", "status": "affected", "version": "6.0.x", "versionType": "All"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Special thanks to Tim P\u00fcttmanns for reporting these vulnerability."}], "datePublic": "2023-10-16T07:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The loading of external images is not blocked, even if configured, if the attacker uses protocol-relative URL in the payload. This can be used to retreive the IP of the user.<p>This issue affects OTRS: from 7.0.X before 7.0.47, from 8.0.X before 8.0.37; ((OTRS)) Community Edition: from 6.0.X through 6.0.34.</p>"}], "value": "The loading of external images is not blocked, even if configured, if the attacker uses protocol-relative URL in the payload. This can be used to retreive the IP of the user.This issue affects OTRS: from 7.0.X before 7.0.47, from 8.0.X before 8.0.37; ((OTRS)) Community Edition: from 6.0.X through 6.0.34.\n\n"}], "impacts": [{"capecId": "CAPEC-37", "descriptions": [{"lang": "en", "value": "CAPEC-37 Retrieve Embedded Sensitive Data"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8", "shortName": "OTRS", "dateUpdated": "2023-10-16T08:10:44.014Z"}, "references": [{"url": "https://otrs.com/release-notes/otrs-security-advisory-2023-08/"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Update to OTRS 8.0.37 or OTRS 7.0.47<br>"}], "value": "Update to OTRS 8.0.37 or OTRS 7.0.47\n"}], "source": {"advisory": "OSA-2023-08", "defect": ["Issue#1185", "Ticket#2023041342000623"], "discovery": "EXTERNAL"}, "title": "External pictures can be loaded even if not allowed by configuration", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T17:30:13.552Z"}, "title": "CVE Program Container", "references": [{"url": "https://otrs.com/release-notes/otrs-security-advisory-2023-08/", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-16T16:56:02.147025Z", "id": "CVE-2023-38059", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-16T16:56:26.630Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://otrs.com/release-notes/otrs-security-advisory-2023-08/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T17:30:13.552Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-38059", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-16T16:56:02.147025Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-16T16:56:21.623Z"}}], "cna": {"title": "External pictures can be loaded even if not allowed by configuration", "source": {"defect": ["Issue#1185", "Ticket#2023041342000623"], "advisory": "OSA-2023-08", "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Special thanks to Tim P\u00fcttmanns for reporting these vulnerability."}], "impacts": [{"capecId": "CAPEC-37", "descriptions": [{"lang": "en", "value": "CAPEC-37 Retrieve Embedded Sensitive Data"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "OTRS AG", "modules": ["Agent Interface"], "product": "OTRS", "versions": [{"status": "affected", "version": "7.0.x", "lessThan": "7.0.47", "versionType": "Patch"}, {"status": "affected", "version": "8.0.x", "lessThan": "8.0.37", "versionType": "Patch"}], "defaultStatus": "affected"}, {"vendor": "OTRS AG", "modules": ["Agent Interface"], "product": "((OTRS)) Community Edition", "versions": [{"status": "affected", "version": "6.0.x", "versionType": "All", "lessThanOrEqual": "6.0.34"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Update to OTRS 8.0.37 or OTRS 7.0.47\n", "supportingMedia": [{"type": "text/html", "value": "Update to OTRS 8.0.37 or OTRS 7.0.47<br>", "base64": false}]}], "datePublic": "2023-10-16T07:00:00.000Z", "references": [{"url": "https://otrs.com/release-notes/otrs-security-advisory-2023-08/"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "The loading of external images is not blocked, even if configured, if the attacker uses protocol-relative URL in the payload. This can be used to retreive the IP of the user.This issue affects OTRS: from 7.0.X before 7.0.47, from 8.0.X before 8.0.37; ((OTRS)) Community Edition: from 6.0.X through 6.0.34.\n\n", "supportingMedia": [{"type": "text/html", "value": "The loading of external images is not blocked, even if configured, if the attacker uses protocol-relative URL in the payload. This can be used to retreive the IP of the user.<p>This issue affects OTRS: from 7.0.X before 7.0.47, from 8.0.X before 8.0.37; ((OTRS)) Community Edition: from 6.0.X through 6.0.34.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"}]}], "providerMetadata": {"orgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8", "shortName": "OTRS", "dateUpdated": "2023-10-16T08:10:44.014Z"}}}, "cveMetadata": {"cveId": "CVE-2023-38059", "state": "PUBLISHED", "dateUpdated": "2024-09-16T16:56:26.630Z", "dateReserved": "2023-07-12T08:05:38.780Z", "assignerOrgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8", "datePublished": "2023-10-16T08:10:44.014Z", "assignerShortName": "OTRS"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:community:*:*:*", "matchCriteriaId": "F933EBB8-2E51-4E24-BB9E-64FBE0FCBFDB", "versionEndIncluding": "6.0.34", "versionStartIncluding": "6.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*", "matchCriteriaId": "B1C07539-E637-4A14-97EE-9FE4CB60644F", "versionEndExcluding": "7.0.47", "versionStartIncluding": "7.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*", "matchCriteriaId": "400DD972-B06D-44C6-BD88-737BA162B3E1", "versionEndExcluding": "8.0.37", "versionStartIncluding": "8.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The loading of external images is not blocked, even if configured, if the attacker uses protocol-relative URL in the payload. This can be used to retreive the IP of the user.This issue affects OTRS: from 7.0.X before 7.0.47, from 8.0.X before 8.0.37; ((OTRS)) Community Edition: from 6.0.X through 6.0.34.\n\n"}, {"lang": "es", "value": "La carga de im\u00e1genes externas no se bloquea, incluso si est\u00e1 configurada, si el atacante utiliza una URL relativa al protocolo en el payload. Esto se puede utilizar para recuperar la IP del usuario. Este problema afecta a OTRS: desde 7.0.X anterior a 7.0.47, desde 8.0.X anterior a 8.0.37; ((OTRS)) Community Edition: desde la versi\u00f3n 6.0.X hasta la 6.0.34."}], "id": "CVE-2023-38059", "lastModified": "2023-10-19T17:42:44.373", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security@otrs.com", "type": "Secondary"}]}, "published": "2023-10-16T09:15:10.243", "references": [{"source": "security@otrs.com", "tags": ["Vendor Advisory"], "url": "https://otrs.com/release-notes/otrs-security-advisory-2023-08/"}], "sourceIdentifier": "security@otrs.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-200"}], "source": "security@otrs.com", "type": "Secondary"}]}