CVE-2023-38059

Name of the Vulnerable Software and Affected Versions OTRS versions 7.0.X through 7.0.46 OTRS versions 8.0.X through 8.0.36 OTRS Community Edition versions 6.0.X through 6.0.34

Description The issue allows the loading of external images even when configured to block them, by using protocol-relative URLs in the payload. This can be exploited to retrieve the IP address of the user.

Recommendations For OTRS versions 7.0.X through 7.0.46, update to version 7.0.47 or later. For OTRS versions 8.0.X through 8.0.36, update to version 8.0.37 or later. For OTRS Community Edition versions 6.0.X through 6.0.34, update to a version later than 6.0.34. As a temporary workaround, consider restricting the loading of external images to minimize the risk of exploitation.