admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity
cvelist/2024/23xxx/CVE-2024-23793.json

150 lines
6.3 KiB
JSON
Raw Normal View History

"-Synchronized-Data."
2024-01-22 11:00:32 +00:00
{
"-Synchronized-Data."
2024-06-06 19:00:35 +00:00
"data_version": "4.0",
"-Synchronized-Data."
2024-01-22 11:00:32 +00:00
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2024-23793",
"-Synchronized-Data."
2024-06-06 19:00:35 +00:00
"ASSIGNER": "security@otrs.com",
"STATE": "PUBLIC"
"-Synchronized-Data."
2024-01-22 11:00:32 +00:00
},
"description": {
"description_data": [
{
"lang": "eng",
"-Synchronized-Data."
2024-06-06 19:00:35 +00:00
"value": "The file upload feature in OTRS and ((OTRS)) Community Edition has a path traversal vulnerability. This issue permits authenticated agents or customer users to upload potentially harmful files to directories accessible by the web server, potentially leading to the execution of local code like Perl scripts.\nThis issue affects OTRS: from 7.0.X through 7.0.49, 8.0.X, 2023.X, from 2024.X through 2024.3.2; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
"cweId": "CWE-22"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "OTRS AG",
"product": {
"product_data": [
{
"product_name": "OTRS",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"lessThanOrEqual": "7.0.49",
"status": "affected",
"version": "7.0.x",
"versionType": "Patch"
},
{
"status": "affected",
"version": "8.0.x"
},
{
"status": "affected",
"version": "2023.x"
},
{
"lessThanOrEqual": "2024.3.2",
"status": "affected",
"version": "2024.x",
"versionType": "Patch"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "((OTRS)) Community Edition",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"lessThanOrEqual": "6.0.34",
"status": "affected",
"version": "6.0.1",
"versionType": "All"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://otrs.com/release-notes/otrs-security-advisory-2024-05/",
"refsource": "MISC",
"name": "https://otrs.com/release-notes/otrs-security-advisory-2024-05/"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "OSA-2024-05",
"defect": [
"Issue#2411"
],
"discovery": "INTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to OTRS&nbsp;2024.4.3 or OTRS 7.0.50 (extended support only)<br>"
}
],
"value": "Update to OTRS\u00a02024.4.3 or OTRS 7.0.50 (extended support only)\n"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:L",
"version": "3.1"
"-Synchronized-Data."
2024-01-22 11:00:32 +00:00
}
]
}
}
Reference in New Issue Copy Permalink