PT-2023-26270 · Otrs+2 · Otrs+2
Tim Püttmanns
·
Published
2023-10-16
·
Updated
2024-08-06
·
CVE-2023-38059
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
OTRS versions 7.0.X through 7.0.46
OTRS versions 8.0.X through 8.0.36
OTRS Community Edition versions 6.0.X through 6.0.34
Description
The issue allows the loading of external images even when configured to block them, by using protocol-relative URLs in the payload. This can be exploited to retrieve the IP address of the user.
Recommendations
For OTRS versions 7.0.X through 7.0.46, update to version 7.0.47 or later.
For OTRS versions 8.0.X through 8.0.36, update to version 8.0.37 or later.
For OTRS Community Edition versions 6.0.X through 6.0.34, update to a version later than 6.0.34.
As a temporary workaround, consider restricting the loading of external images to minimize the risk of exploitation.
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Otrs
Otrs Community Edition