CVE-2024-23791
published 2024-01-29CVE-2024-23791: Insertion of debug information into log file during building the elastic search index allows reading of sensitive information from articles.This issue affects…
PriorityP339high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
EPSS
0.52%
39.9th percentile
Insertion of debug information into log file during building the elastic search index allows reading of sensitive information from articles.This issue affects OTRS: from 7.0.X through 7.0.48, from 8.0.X through 8.0.37, from 2023.X through 2023.1.1.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| otrs | otrs | >= 7.0.0 < 7.0.49 | 7.0.49 |
| otrs | otrs | >= 8.0.0 < 2024.1.1 | 2024.1.1 |
| otrs_ag | otrs | 2023.x – 2023.1.1 | — |
| otrs_ag | otrs | 7.0.x – 7.0.48 | — |
| otrs_ag | otrs | 8.0.x – 8.0.37 | — |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
osv7.5HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
CVE-2024-23791: Insertion of debug information into log file during building the elastic search index allows reading of sensitive information from articles
osv·2024-01-29·CVSS 7.5
CVE-2024-23791 [HIGH] CVE-2024-23791: Insertion of debug information into log file during building the elastic search index allows reading of sensitive information from articles
Insertion of debug information into log file during building the elastic search index allows reading of sensitive information from articles.This issue affects OTRS: from 7.0.X through 7.0.48, from 8.0.X through 8.0.37, from 2023.X through 2023.1.1.
GHSA
GHSA-q87w-hjgf-6vfw: Insertion of debug information into log file during building the elastic search index allows reading of sensitive information from articles
ghsa_unreviewed·2024-01-29
CVE-2024-23791 [MEDIUM] CWE-532 GHSA-q87w-hjgf-6vfw: Insertion of debug information into log file during building the elastic search index allows reading of sensitive information from articles
Insertion of debug information into log file during building the elastic search index allows reading of sensitive information from articles.This issue affects OTRS: from 7.0.X through 7.0.48, from 8.0.X through 8.0.37, from 2023.X through 2023.1.1.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2024-01-29
Published