6 matches found
CVE-2024-23792
creationtimestamp | type | source
---|---|---
2024-01-29 11:26:26+00:00 | seen | https://t.me/ctinow/175168
2024-02-21 12:11:20+00:00 | seen | https://t.me/ctinow/189512...
CVE-2024-23792
When adding attachments to ticket comments, another user can add attachments as well impersonating the original user. The attack requires a logged-in other user to know the UUID. While the legitimate user completes the comment, the malicious user can add more files to the comment. This issue affec...
CVE-2024-23792
When adding attachments to ticket comments, another user can add attachments as well impersonating the original user. The attack requires a logged-in other user to know the UUID. While the legitimate user completes the comment, the malicious user can add more files to the comment. This issue affec...
CVE-2024-23792 Insufficient access control
When adding attachments to ticket comments, another user can add attachments as well impersonating the original user. The attack requires a logged-in other user to know the UUID. While the legitimate user completes the comment, the malicious user can add more files to the comment. This issue affec...
CVE-2024-23792 Insufficient access control
When adding attachments to ticket comments, another user can add attachments as well impersonating the original user. The attack requires a logged-in other user to know the UUID. While the legitimate user completes the comment, the malicious user can add more files to the comment. This issue affec...
CVE-2024-23792
CVE-2024-23792 affects OTRS, with gaps in attachment handling in ticket comments. The issue allows another logged-in user to add attachments impersonating the original user when a UUID is known, potentially escalating access during the time the legitimate user is posting a comment. Affected versi...