PT-2024-20089 · Otrs Ag · Otrs Community Edition+1

Published: 2024-06-06 · Updated: 2024-06-07 · CVE-2024-23793

CVSS v3.1: 6.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:L

Name of the Vulnerable Software and Affected Versions

OTRS versions 7.0.X through 7.0.49
OTRS versions 8.0.X
OTRS version 2023.X
OTRS versions 2024.X through 2024.3.2
((OTRS)) Community Edition versions 6.0.1 through 6.0.34

Description

The file upload feature in OTRS and ((OTRS)) Community Edition has a path traversal issue. This permits authenticated agents or customer users to upload potentially harmful files to directories accessible by the web server, potentially leading to the execution of local code like Perl scripts.

Recommendations

For OTRS versions 7.0.X through 7.0.49, update to a version outside of this range to resolve the issue.
For OTRS versions 8.0.X, update to a version outside of this range to resolve the issue.
For OTRS version 2023.X, update to a version outside of this range to resolve the issue.
For OTRS versions 2024.X through 2024.3.2, update to a version outside of this range to resolve the issue.
For ((OTRS)) Community Edition versions 6.0.1 through 6.0.34, update to a version outside of this range to resolve the issue.

As a temporary workaround, consider restricting access to the file upload feature until a patch is available.

Fix

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2024-23793

Affected Products

Otrs
Otrs Community Edition