CVE-2024-23792

Summary

The CVE-2024-23792 vulnerability affects the OTRS ticketing system versions 7.0.X through 7.0.48, 8.0.X through 8.0.37, and 2023.X through 2023.1.1. It allows a logged-in user to impersonate another user by adding attachments to their comments using the UUID. While the legitimate user is completing the comment, the malicious user can add additional files to it. The risk score for this vulnerability is 25 out of 100, with a base severity rating of MEDIUM. The exploitability score is 1.6 out of 10, indicating a relatively low level of difficulty for exploitation. The impact score is 3.6 out of 10, highlighting a high integrity impact but no confidentiality impact or availability impact on the affected organization's systems and data. To remediate this vulnerability, organizations should update their OTRS installations to versions that have addressed the issue provided by [email protected]. Note: This report is based solely on information provided and does not take into account additional context or analysis beyond what is presented in the given text.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.