CVE-2024-23790
Published 2024-01-29
CVE-2024-23790: Improper Input Validation vulnerability in the upload functionality for user avatars allows functionality misuse due to missing check of filetypes. This issue…
Priority: P354 · critical · 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.25% (16.6th percentile)
Improper Input Validation vulnerability in the upload functionality for user avatars allows functionality misuse due to missing check of filetypes.
This issue affects OTRS: from 7.0.X through 7.0.48, from 8.0.X through 8.0.37, from 2023 through 2023.1.1.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| otrs | otrs | >= 7.0.0 < 7.0.49 | 7.0.49 |
| otrs | otrs | >= 8.0.0 < 2024.1.1 | 2024.1.1 |
| otrs_ag | otrs | 2023 – 2023.1.1 | — |
| otrs_ag | otrs | 7.0.x – 7.0.48 | — |
| otrs_ag | otrs | 8.0.x – 8.0.37 | — |
CVSS provenance
nvd · v3.1 · 9.8 · CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
osv · 9.8 · CRITICAL
OSV
CVE-2024-23790: Improper Input Validation vulnerability in the upload functionality for user avatars allows functionality misuse due to missing check of filetypes
osv·2024-01-29·CVSS 9.8
CVE-2024-23790 [CRITICAL] CVE-2024-23790: Improper Input Validation vulnerability in the upload functionality for user avatars allows functionality misuse due to missing check of filetypes
GHSA
GHSA-m525-p4rf-7h93: Improper Input Validation vulnerability in the upload functionality for user avatars allows functionality misuse due to missing check of filetypes
ghsa_unreviewed·2024-01-29
CVE-2024-23790 [LOW] CWE-20 GHSA-m525-p4rf-7h93: Improper Input Validation vulnerability in the upload functionality for user avatars allows functionality misuse due to missing check of filetypes
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2024-01-29