CVE-2024-23793: Path Traversal in AG Community Edition

CWE-22: Path Traversal | 4 documents | 4 sources

Severity: 6.3 MEDIUM (NVD)
EPSS: 0.2% (top 52.39%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jun 6

Description

The file upload feature in OTRS and ((OTRS)) Community Edition has a path traversal vulnerability. This issue permits authenticated agents or customer users to upload potentially harmful files to directories accessible by the web server, potentially leading to the execution of local code like Perl scripts. This issue affects OTRS: from 7.0.X through 7.0.49, 8.0.X, 2023.X, from 2024.X through 2024.3.2; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:L
Exploitability: 2.1 | Impact: 4.2

Affected Packages (2 packages)

CVEListV5 | otrs_ag/community_edition | 6.0.1 to 6.0.34
CVEListV5 | otrs_ag/otrs | 7.0.x to 7.0.49 | +3

Vulnerability Details (3)

GHSA: GHSA-cqhr-chmp-4x86: The file upload feature in OTRS and ((OTRS)) Community Edition has a path traversal vulnerability (2024-06-06)
OSV: CVE-2024-23793: The file upload feature in OTRS and ((OTRS)) Community Edition has a path traversal vulnerability (2024-06-06)
CVEList: Upload of files outside application directory (2024-06-06)