cvelist/2023/5xxx/CVE-2023-5421.json

{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2023-5421",
"ASSIGNER": "security@otrs.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "An attacker who is logged into OTRS as a user with privileges to create and change customer user data may manipulate the CustomerID field to execute JavaScript code that runs immediately after the data is saved. The issue only occurs if the configuration for AdminCustomerUser::UseAutoComplete was changed before.\nThis issue affects OTRS: from 7.0.X before 7.0.47, from 8.0.X before 8.0.37; ((OTRS)) Community Edition: from 6.0.X through 6.0.34.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation",
"cweId": "CWE-20"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "OTRS AG",
"product": {
"product_data": [
{
"product_name": "OTRS",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"lessThan": "7.0.47",
"status": "affected",
"version": "7.0.x",
"versionType": "Patch"
},
{
"lessThan": "8.0.37",
"status": "affected",
"version": "8.0.x",
"versionType": "Patch"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "((OTRS)) Community Edition",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"lessThanOrEqual": "6.0.34",
"status": "affected",
"version": "6.0.x",
"versionType": "All"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://otrs.com/release-notes/otrs-security-advisory-2023-09/",
"refsource": "MISC",
"name": "https://otrs.com/release-notes/otrs-security-advisory-2023-09/"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "OSA-2023-09",
"defect": [
"Issue#1214",
"Ticket#2023080742002233"
],
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Switch AdminCustomerUser::UseAutoComplete off<br>"
}
],
"value": "Switch AdminCustomerUser::UseAutoComplete off\n"
}
],
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\nUpdate to OTRS 7.0.47 or OTRS 8.0.37.\n<br>"
}
],
"value": "Update to OTRS 7.0.47 or OTRS 8.0.37.\n\n"
}
],
"credits": [
{
"lang": "en",
"value": "Special thanks to Tim P\u00fcttmanns for reporting this vulnerability."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
]
}
}