
5 matches found

SUSE CVE
added 2025/02/14 6:20 a.m. | 1 view

SUSE CVE-2023-38060

Improper Input Validation vulnerability in the ContentType parameter for attachments on TicketCreate or TicketUpdate operations of the OTRS Generic Interface modules allows any authenticated attacker to perform a host header injection for the ContentType header of the attachment. This issue...

CVSS 8.8 | AI score 5 | EPSS 0.00228
Exploits: 0 | References: 3
Vulnrichment
added 2025/01/27 5:58 a.m. | 3 views

CVE-2024-43446 Improper check of permissions in Generic Interface

An improper privilege management vulnerability in OTRS Generic Interface module allows change of the Ticket status even if the user only has ro permissions. This issue affects: OTRS 7.0.X OTRS 8.0.X OTRS 2023.X OTRS 2024.X OTRS Community Edition: 6.0.x Products based on the OTRS Community Edition...

CVSS 3.5 | AI score 4 | EPSS 0.00066
Exploits: 0 | References: 1
Cvelist
added 2025/01/27 5:58 a.m. | 8 views

CVE-2024-43446 Improper check of permissions in Generic Interface

An improper privilege management vulnerability in OTRS Generic Interface module allows change of the Ticket status even if the user only has ro permissions. This issue affects: OTRS 7.0.X OTRS 8.0.X OTRS 2023.X OTRS 2024.X OTRS Community Edition: 6.0.x Products based on the OTRS Community Edition...

CVSS 3.5 | EPSS 0.00066
Exploits: 0 | References: 1
CVE
added 2025/01/27 5:58 a.m. | 47 views

CVE-2024-43446

CVE-2024-43446 affects OTRS: improper privilege management in the Generic Interface module allows users with read-only privileges to change ticket status. Impacted: OTRS 7.0.x, 8.0.x, 2023.x, 2024.x and ((OTRS)) Community Edition 6.0.x (and products built on it). Root cause: insufficient access c...

CVSS 3.5 | AI score 4 | EPSS 0.00066
Exploits: 0 | References: 1
Debian CVE
added 2023/07/24 8:28 a.m. | 18 views

CVE-2023-38060

Improper Input Validation vulnerability in the ContentType parameter for attachments on TicketCreate or TicketUpdate operations of the OTRS Generic Interface modules allows any authenticated attacker to perform a host header injection for the ContentType header of the attachment. This issue...

CVSS 8.8 | AI score 5.5 | EPSS 0.00228
Exploits: 0