CVE-2024-23793
Upload of files outside application directory
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The file upload feature in OTRS and ((OTRS)) Community Edition has a path traversal vulnerability. This issue permits authenticated agents or customer users to upload potentially harmful files to directories accessible by the web server, potentially leading to the execution of local code like Perl scripts.
This issue affects OTRS: from 7.0.X through 7.0.49, 8.0.X, 2023.X, from 2024.X through 2024.3.2; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34.
La función de carga de archivos en OTRS y ((OTRS)) Community Edition tiene una vulnerabilidad de path traversal. Este problema permite que agentes autenticados o usuarios de clientes carguen archivos potencialmente dañinos en directorios a los que puede acceder el servidor web, lo que podría provocar la ejecución de código local como scripts Perl. Este problema afecta a OTRS: desde 7.0.X hasta 7.0.49, 8.0.X, 2023.X, desde 2024.X hasta 2024.3.2; ((OTRS)) Edición comunitaria: desde 6.0.1 hasta 6.0.34.
CVSS Scores
SSVC
- Decision:Track*
Timeline
- 2024-01-22 CVE Reserved
- 2024-06-06 CVE Published
- 2024-06-07 EPSS Updated
- 2024-08-01 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
- CAPEC-17: Using Malicious Files
- CAPEC-549: Local Execution of Code
References (1)
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
OTRS AG Search vendor "OTRS AG" | ((OTRS)) Community Edition Search vendor "OTRS AG" for product "((OTRS)) Community Edition" | >= 6.0.1 <= 6.0.34 Search vendor "OTRS AG" for product "((OTRS)) Community Edition" and version " >= 6.0.1 <= 6.0.34" | en |
Affected
|