admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-19 17:31:42 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2023/CVE-2023-380xx/CVE-2023-38059.json
cad-safe-bot 6295df3dc9 Auto-Update: 2023-10-29T09:06:34.248520+00:00
2023-10-29 09:06:41 +00:00

125 lines
3.9 KiB
JSON
Raw Blame History

{
"id": "CVE-2023-38059",
"sourceIdentifier": "security@otrs.com",
"published": "2023-10-16T09:15:10.243",
"lastModified": "2023-10-19T17:42:44.373",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The loading of external images is not blocked, even if configured, if the attacker uses protocol-relative URL in the payload. This can be used to retreive the IP of the user.This issue affects OTRS: from 7.0.X before 7.0.47, from 8.0.X before 8.0.37; ((OTRS)) Community Edition: from 6.0.X through 6.0.34.\n\n"
},
{
"lang": "es",
"value": "La carga de im\u00e1genes externas no se bloquea, incluso si est\u00e1 configurada, si el atacante utiliza una URL relativa al protocolo en el payload. Esto se puede utilizar para recuperar la IP del usuario. Este problema afecta a OTRS: desde 7.0.X anterior a 7.0.47, desde 8.0.X anterior a 8.0.37; ((OTRS)) Community Edition: desde la versi\u00f3n 6.0.X hasta la 6.0.34."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "security@otrs.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "security@otrs.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:community:*:*:*",
"versionStartIncluding": "6.0.0",
"versionEndIncluding": "6.0.34",
"matchCriteriaId": "F933EBB8-2E51-4E24-BB9E-64FBE0FCBFDB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.0.0",
"versionEndExcluding": "7.0.47",
"matchCriteriaId": "B1C07539-E637-4A14-97EE-9FE4CB60644F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.0.0",
"versionEndExcluding": "8.0.37",
"matchCriteriaId": "400DD972-B06D-44C6-BD88-737BA162B3E1"
}
]
}
]
}
],
"references": [
{
"url": "https://otrs.com/release-notes/otrs-security-advisory-2023-08/",
"source": "security@otrs.com",
"tags": [
"Vendor Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink