cvelist | OTRS | CVELIST:CVE-2023-38060
History: Jul 24, 2023 - 8:28 a.m.

CVE-2023-38060 Host header injection by attachments in web service

2023-07-24 08:28:13
CWE-20
OTRS
www.cve.org
cve-2023-38060
input validation
otrs
web service
attachment
vulnerability
host header injection
community edition

CVSS3: 6.3 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

AI Score: 9.5 High
Confidence: High

EPSS: 0.001 Low
Percentile: 24.3%

Improper Input Validation vulnerability in the ContentType parameter for attachments on TicketCreate or TicketUpdate operations of the OTRS Generic Interface modules allows any authenticated attacker to perform a host header injection for the ContentType header of the attachment.

This issue affects OTRS: from 7.0.X before 7.0.45, from 8.0.X before 8.0.35; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34.

CNA Affected

[
  {
    "defaultStatus": "affected",
    "modules": [
      "Generic Interface"
    ],
    "product": "OTRS",
    "vendor": "OTRS AG",
    "versions": [
      {
        "lessThan": "7.0.45",
        "status": "affected",
        "version": "7.0.x",
        "versionType": "Patch"
      },
      {
        "lessThan": "8.0.35",
        "status": "affected",
        "version": "8.0.x",
        "versionType": "Patch"
      }
    ]
  },
  {
    "defaultStatus": "affected",
    "modules": [
      "Generic Interface"
    ],
    "product": "((OTRS)) Community Edition",
    "vendor": "OTRS AG",
    "versions": [
      {
        "lessThanOrEqual": "6.0.34",
        "status": "affected",
        "version": "6.0.1",
        "versionType": "All"
      }
    ]
  }
]
