CVE-2024-43445Improper Input Validation in AG Otrs

CWE-20Improper Input Validation3 documents3 sources
Severity
5.4MEDIUMNVD
EPSS
0.1%
top 70.95%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Otrs AG OtrsOtrs AG Community Edition
Timeline
PublishedJan 27

Description

A vulnerability exists in OTRS and ((OTRS Community Edition)) that fail to set the HTTP response header X-Content-Type-Options to nosniff. An attacker could exploit this vulnerability by uploading or inserting content that would be treated as a different MIME type than intended. This issue affects: * OTRS 7.0.X * OTRS 8.0.X * OTRS 2023.X * OTRS 2024.X * ((OTRS)) Community Edition: 6.0.x Products based on the ((OTRS)) Community Edition also very likely to be affected

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.5

Affected Packages2 packages

CVEListV5otrs_ag/community_edition6.0.x6.0.34
CVEListV5otrs_ag/otrs2025.x2025.1.x+4

🔴Vulnerability Details

2
CVEList
Missing X-Content-Type-Options: nosniff Header Allows MIME Type Sniffing2025-01-27
GHSA
GHSA-fg8c-fxj5-qp3x: A vulnerability exists in OTRS and ((OTRS Community Edition)) that fail to set the HTTP response header X-Content-Type-Options to nosniff2025-01-27
CVE-2024-43445 — Improper Input Validation in AG Otrs | cvebase