CVE-2024-23791 — Log File Information Exposure in Otrs

CWE-532 — Log File Information Exposure4 documents4 sources

Severity

7.5HIGHNVD

CNA4.9

EPSS

0.1%

top 65.99%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Otrs Otrs AG Otrs

Timeline

PublishedJan 29

Description

Insertion of debug information into log file during building the elastic search index allows reading of sensitive information from articles.This issue affects OTRS: from 7.0.X through 7.0.48, from 8.0.X through 8.0.37, from 2023.X through 2023.1.1.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶NVDotrs/otrs7.0.0 — 7.0.49+1

▶CVEListV5otrs_ag/otrs7.0.x — 7.0.48+2

🔴Vulnerability Details

OSV

CVE-2024-23791: Insertion of debug information into log file during building the elastic search index allows reading of sensitive information from articles↗2024-01-29

▶

GHSA

GHSA-q87w-hjgf-6vfw: Insertion of debug information into log file during building the elastic search index allows reading of sensitive information from articles↗2024-01-29

▶

CVEList

Unnecessary data is written to log if issues during indexing occurs↗2024-01-29

▶