VDB

DEBIAN-CVE-2023-38060

DEBIAN-CVE-2023-38060 PUBLISHED CVSS 8.800000190734863 HIGH

Improper Input Validation vulnerability in the ContentType parameter for attachments on TicketCreate or TicketUpdate operations of the OTRS Generic Interface modules allows any authenticated attacker to to perform an host header injection for the ContentType header of the attachment.  This issue affects OTRS: from 7.0.X before 7.0.45, from 8.0.X before 8.0.35; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34.

Risk Scores

CVSS 3.1
8.800000190734863
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersions
Debian:14znuny0, 6.3.3-1, 6.3.3-1~bpo11+1
Debian:13znuny0, 6.3.3-1~bpo11+1, 6.3.4-1
Debian:11otrs2*, 5.0.11-1, 5.0.12-1
Debian:12znuny6.3.3-1~bpo11+1, 6.3.4-1, 6.3.4-1~bpo11+1

Timeline

  • Jul 24, 2023 CVE Published
  • Apr 28, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›