When adding attachments to ticket comments,
another user can add attachments as well impersonating the orginal user. The attack requires a
logged-in other user to know the UUID. While the legitimate user
completes the comment, the malicious user can add more files to the
comment.
This issue affects OTRS: from 7.0.X through 7.0.48, from 8.0.X through 8.0.37, from 2023.X through 2023.1.1.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: OTRS
Published: 2024-01-29T09:20:06.829Z
Updated: 2024-08-01T23:13:07.447Z
Reserved: 2024-01-22T10:32:00.704Z
Link: CVE-2024-23792
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2024-01-29T10:15:08.683
Modified: 2024-02-02T02:07:40.577
Link: CVE-2024-23792
Redhat
No data.