PT-2024-2036 · Otrs · Otrs

Matthias Püschel · Published 2024-01-29 · Updated 2024-02-02 · CVE-2024-23790

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

OTRS versions 7.0.X through 7.0.48
OTRS versions 8.0.X through 8.0.37
OTRS versions 2023 through 2023.1.1

Description

An Improper Input Validation vulnerability in the upload functionality for user avatars allows misuse of that functionality because uploaded file types are not checked. This vulnerability may allow a remote attacker to execute arbitrary code.

Recommendations

For OTRS versions 7.0.X through 7.0.48, update to a version later than 7.0.48.
For OTRS versions 8.0.X through 8.0.37, update to a version later than 8.0.37.
For OTRS versions 2023 through 2023.1.1, update to a version later than 2023.1.1.

As a temporary workaround, consider disabling the upload functionality for user avatars until a patch is available.

Fix

RCE

Weakness Enumeration

Related Identifiers

BDU:2024-01914
CVE-2024-23790

Affected Products

Otrs