CVE-2023-38059

Summary

CVE-2023-38059 is a vulnerability that affects OTRS and ((OTRS)) Community Edition. The loading of external images is not blocked, even if configured, if the attacker uses a protocol-relative URL in the payload. This can be exploited to retrieve the IP of the user. The affected versions of OTRS are from 7.0.X before 7.0.47 and from 8.0.X before 8.0.37, while ((OTRS)) Community Edition is affected from 6.0.X through 6.0.34. To remediate this vulnerability, organizations should update their OTRS installations to versions 7.0.47 or 8.0.37, or upgrade to ((OTRS)) Community Edition version 6.0.35 or later. The potential danger this vulnerability poses to an organization is low confidentiality impact, as it allows for information exposure but does not provide direct access to sensitive data or compromise system integrity or availability. Note: This summary is based on the information provided and does not include any additional analysis or opinions beyond the facts presented in the text provided above.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.