CVE-2023-38056

Name of the Vulnerable Software and Affected Versions OTRS versions 7.0.X through 7.0.44 OTRS versions 8.0.X through 8.0.34 OTRS Community Edition versions 6.0.1 through 6.0.34

Description The issue is related to improper neutralization of commands allowed to be executed via OTRS System Configuration, for example, SchedulerCronTaskModule using UnitTests modules. This allows any authenticated attacker with admin privileges to execute code locally.

Recommendations For OTRS versions 7.0.X through 7.0.44, update to version 7.0.45 or later. For OTRS versions 8.0.X through 8.0.34, update to version 8.0.35 or later. For OTRS Community Edition versions 6.0.1 through 6.0.34, update to version 6.0.35 or later. As a temporary workaround, consider disabling the SchedulerCronTaskModule and UnitTests modules until a patch is available. Restrict access to the OTRS System Configuration to minimize the risk of exploitation.