CVE-2022-39051 — Improper Control of Dynamically-Managed Code Resources in AG Community Edition

CWE-913 — Improper Control of Dynamically-Managed Code Resources4 documents4 sources

Severity

8.8HIGHNVD

CNA6.8

EPSS

0.5%

top 35.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Otrs AG Community Edition Otrs Otrs AG Otrs

Timeline

PublishedSep 5

Latest updateSep 6

Description

Attacker might be able to execute malicious Perl code in the Template toolkit, by having the admin installing an unverified 3th party package

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

▶NVDotrs/otrs7.0.0 — 7.0.37+2

▶CVEListV5otrs_ag/community_edition6.0.1 — 6.0.x*

▶CVEListV5otrs_ag/otrs7.0.x 7.0.36, 8.0.x 8.0.24+1

🔴Vulnerability Details

GHSA

GHSA-82r4-fhr7-r9f8: Attacker might be able to execute malicious Perl code in the Template toolkit, by having the admin installing an unverified 3th party package↗2022-09-06

▶

CVEList

Perl Code execution in Template Toolkit↗2022-09-05

▶

OSV

CVE-2022-39051: Attacker might be able to execute malicious Perl code in the Template toolkit, by having the admin installing an unverified 3th party package↗2022-09-05

▶