Source: Ubuntu.com (ubuntucve)
ID: UB:CVE-2024-23793
Published: Jun 06, 2024 - 12:00 a.m.

CVE-2024-23793

Tags: cve-2024-23793, authenticated agents, customer users, harmful files, web server, local code execution, perl scripts, version 7.0.x, version 7.0.49, version 8.0.x, version 2023.x, version 2024.x, version 2024.3.2, community edition, version 6.0.1, version 6.0.34, unix

CVSS3: 6.3 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: LOW

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:L

AI Score: 6.4 Medium (Confidence: High)

EPSS: 0.0004 Low (Percentile: 10.6%)

The file upload feature in OTRS and ((OTRS)) Community Edition has a path
traversal vulnerability. This issue permits authenticated agents or
customer users to upload potentially harmful files to directories
accessible by the web server, potentially leading to the execution of local
code like Perl scripts.
This issue affects OTRS: from 7.0.X through 7.0.49, 8.0.X, 2023.X, from
2024.X through 2024.3.2; ((OTRS)) Community Edition: from 6.0.1 through
6.0.34.

OS      Version  Architecture  Package  Version  Filename
ubuntu  23.10    noarch        znuny    < any    UNKNOWN
ubuntu  24.04    noarch        znuny    < any    UNKNOWN
