CVE-2023-1250

Name of the Vulnerable Software and Affected Versions OTRS versions 7.0.X through 7.0.41 OTRS versions 8.0.X through 8.0.30 OTRS Community Edition versions 6.0.1 through 6.0.34

Description The issue is related to an Improper Input Validation vulnerability in the ACL modules of OTRS AG OTRS and OTRS Community Edition. This vulnerability allows Local Execution of Code when creating or importing an ACL, as it is possible to inject code via manipulated comments and ACL names.

Recommendations For OTRS versions 7.0.X through 7.0.41, update to version 7.0.42 or later. For OTRS versions 8.0.X through 8.0.30, update to version 8.0.31 or later. For OTRS Community Edition versions 6.0.1 through 6.0.34, update to version 6.0.35 or later. As a temporary workaround, consider restricting the creation and import of ACLs to minimize the risk of exploitation.