CVE-2023-38060

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-38060

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-38060.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-38060

Related

Published

2023-07-24T09:15:10Z

Modified

2024-09-11T05:00:03.810641Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Improper Input Validation vulnerability in the ContentType parameter for attachments on TicketCreate or TicketUpdate operations of the OTRS Generic Interface modules allows any authenticated attacker to to perform an host header injection for the ContentType header of the attachment.

This issue affects OTRS: from 7.0.X before 7.0.45, from 8.0.X before 8.0.35; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34.

References

Affected packages

Debian:11 / otrs2

Package

Name: otrs2
Purl: pkg:deb/debian/otrs2?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.0.4p01-6

2.0.4p01-7

2.0.4p01-8

2.0.4p01-9

2.0.4p01-10

2.0.4p01-11

2.0.4p01-12

2.0.4p01-13

2.0.4p01-14

2.0.4p01-14.1

2.0.4p01-15

2.0.4p01-16

2.0.4p01-17

2.0.4p01-18

2.0.99beta1-1

2.0.99beta1-2

2.1.1-1

2.1.3-1

2.1.4-1

2.1.4-2

2.1.5-1

2.1.5-2

2.1.5-3

2.1.6-1

2.1.7-1

2.1.7-2

2.2.0~beta2-1

2.2.0~beta3-1

2.2.1-1

2.2.2-1

2.2.3-1

2.2.4-1

2.2.5-1

2.2.5-2

2.2.6-1

2.2.7-1

2.2.7-2

2.2.7-2lenny1

2.2.7-2lenny2

2.2.7-2lenny3

2.2.7-3

2.3.2-1

2.3.2-2

2.3.3-1

2.3.4-1

2.3.4-2

2.3.4-3

2.3.4-4

2.3.4-5

2.3.4-6

2.3.4-7

2.4.5-1

2.4.5-2

2.4.5-3

2.4.5-4

2.4.5-5

2.4.6-1

2.4.6-2

2.4.7-1

2.4.7-2

2.4.7-3

2.4.7-4

2.4.7-5

2.4.7-6

2.4.7+dfsg1-1

2.4.8+dfsg1-1

2.4.9+dfsg1-1

2.4.9+dfsg1-2

2.4.9+dfsg1-3

2.4.9+dfsg1-3+squeeze1

2.4.9+dfsg1-3+squeeze3

2.4.9+dfsg1-3+squeeze4

2.4.9+dfsg1-3+squeeze5

2.4.9+dfsg1-4

2.4.9+dfsg1-5

2.4.10+dfsg1-1

2.4.10+dfsg1-2

2.4.10+dfsg1-3

3.*

3.0.8+dfsg1-1

3.0.9+dfsg1-1

3.0.10+dfsg1-1

3.0.10+dfsg1-2

3.0.11+dfsg1-1

3.1.0~beta4+dfsg1-1

3.1.0~beta5+dfsg1-1

3.1.0~rc1+dfsg1-1

3.1.1+dfsg1-1

3.1.1+dfsg1-2

3.1.2+dfsg1-1

3.1.2+dfsg1-2

3.1.2+dfsg1-3

3.1.3+dfsg1-1

3.1.3+dfsg1-2

3.1.4+dfsg1-1

3.1.5+dfsg1-1

3.1.5+dfsg1-2

3.1.5+dfsg1-3

3.1.6+dfsg1-1

3.1.7+dfsg1-1

3.1.7+dfsg1-2

3.1.7+dfsg1-3

3.1.7+dfsg1-4

3.1.7+dfsg1-5

3.1.7+dfsg1-6

3.1.7+dfsg1-7

3.1.7+dfsg1-8

3.1.8+dfsg1-1

3.1.9+dfsg1-1

3.1.10+dfsg1-1

3.1.11+dfsg1-1

3.1.12+dfsg1-1

3.1.12+dfsg1-2

3.1.12+dfsg1-3

3.2.1+dfsg1-1

3.2.2+dfsg1-1

3.2.3+dfsg1-1

3.2.4-1

3.2.5-1

3.2.6-1

3.2.6-2

3.2.7-1

3.2.7-2

3.2.8-1

3.2.9-1

3.2.9-2

3.2.10-1

3.2.10-2

3.2.11-1~bpo70+1

3.2.11-1

3.2.12-1

3.3.1-1

3.3.2-1

3.3.3-1

3.3.3-2

3.3.3-3

3.3.4-1

3.3.5-1

3.3.6-1

3.3.7-1

3.3.7-2

3.3.8-1

3.3.9-1

3.3.9-2

3.3.9-3~bpo70+1

3.3.9-3

3.3.10-1

3.3.11-1

3.3.18-1~deb7u1

3.3.18-1~deb7u2

3.3.18-1~deb7u3

4.*

4.0.5-1

4.0.5-2

4.0.6-1

4.0.7-1

4.0.7-2

4.0.8-1

4.0.9-1

4.0.10-1

4.0.11-1

4.0.12-1

4.0.13-1~bpo8+1

4.0.13-1

5.*

5.0.1-1

5.0.1-2

5.0.2-1

5.0.3-1

5.0.5-1

5.0.6-1~bpo8+1

5.0.6-1

5.0.7-1

5.0.8-1~bpo8+1

5.0.8-1

5.0.8+dfsg1-1

5.0.9+dfsg1-1

5.0.9+repack1-1

5.0.10-1~bpo8+1

5.0.10-1

5.0.11-1

5.0.12-1

5.0.13-1~bpo8+1

5.0.13-1

5.0.13-2

5.0.14-1~bpo8+1

5.0.14-1

5.0.15-1

5.0.16-1~bpo8+1

5.0.16-1

5.0.17-1

5.0.18-1

5.0.19-1

5.0.20-1

5.0.21-1~bpo9+1

5.0.21-1

5.0.22-1

5.0.23-1~bpo9+1

5.0.23-1

5.0.24-1~bpo9+1

5.0.24-1

6.*

6.0.1-1

6.0.2-1

6.0.3-1

6.0.4-1

6.0.5-1

6.0.6-1

6.0.7-1

6.0.8-1~bpo9+1

6.0.8-1

6.0.9-1~bpo9+1

6.0.9-1

6.0.10-1

6.0.11-1~bpo9+1

6.0.11-1

6.0.12-1~bpo9+1

6.0.12-1

6.0.13-1

6.0.14-1

6.0.15-1

6.0.16-1

6.0.16-2

6.0.17-1

6.0.18-1

6.0.19-1

6.0.20-1~bpo10+1

6.0.20-1

6.0.21-1

6.0.22-1

6.0.23-1

6.0.23-2

6.0.24-1~bpo10+1

6.0.24-1

6.0.25-1

6.0.25-2

6.0.25-3~bpo10+1

6.0.25-3

6.0.26-1~bpo10+1

6.0.26-1

6.0.27-1~bpo10+1

6.0.27-1

6.0.28-1~bpo10+1

6.0.28-1

6.0.28-2

6.0.29-1~bpo10+1

6.0.29-1

6.0.30-1~bpo10+1

6.0.30-1

6.0.30-2

6.0.32-1

6.0.32-2~bpo10+1

6.0.32-2

6.0.32-4

6.0.32-5~bpo10+1

6.0.32-5

6.0.32-6

6.0.36-2~bpo11+1

6.0.36-2

6.1.2-1~bpo11+1

6.1.2-1

6.2.1-1

6.2.2-1

6.2.2-2

6.3.1-1

6.3.2-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / znuny

Package

Name: znuny
Purl: pkg:deb/debian/znuny?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

6.*

6.3.2-3

6.3.3-1~bpo11+1

6.3.3-1

6.3.4-1~bpo11+1

6.3.4-1

6.4.2-1~bpo11+1

6.4.2-1

6.4.2-2

6.4.3-1~bpo11+1

6.4.3-1

6.4.4-1

6.4.5-1~bpo11+1

6.4.5-1

6.4.5-2

6.5.1-1

6.5.3-1~bpo12+1

6.5.3-1

6.5.4-1~bpo12+1

6.5.4-1

6.5.5-1~bpo12+1

6.5.5-1

6.5.6-1~bpo12+1

6.5.6-1

6.5.8-1~bpo12+1

6.5.8-1

6.5.9-1~bpo12+1

6.5.9-1

6.5.10-1~bpo12+1

6.5.10-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / znuny

Package

Name: znuny
Purl: pkg:deb/debian/znuny?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.5.3-1

Affected versions

6.*

6.3.2-3

6.3.3-1~bpo11+1

6.3.3-1

6.3.4-1~bpo11+1

6.3.4-1

6.4.2-1~bpo11+1

6.4.2-1

6.4.2-2

6.4.3-1~bpo11+1

6.4.3-1

6.4.4-1

6.4.5-1~bpo11+1

6.4.5-1

6.4.5-2

6.5.1-1

6.5.3-1~bpo12+1

Ecosystem specific

{
    "urgency": "not yet assigned"
}