CVE Vulnerabilities

CVE-2024-23790

Improper Validation of Integrity Check Value

Published: Jan 29, 2024 | Modified: Feb 02, 2024
CVSS 3.x: 9.8 CRITICAL
Source: NVD
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x: -
RedHat/V2: -
RedHat/V3: -
Ubuntu: MEDIUM

Improper Input Validation vulnerability in the upload functionality for user avatars allows functionality misuse due to missing check of filetypes. This issue affects OTRS: from 7.0.X through 7.0.48, from 8.0.X through 8.0.37, from 2023 through 2023.1.1.

Weakness

The product does not validate or incorrectly validates the integrity check values or “checksums” of a message. This may prevent it from detecting if the data has been modified or corrupted in transmission.

Affected Software

Name  | Vendor | Start Version     | End Version
Otrs  | Otrs   | 7.0.0 (including) | 7.0.49 (excluding)
Otrs  | Otrs   | 8.0.0 (including) | 2024.1.1 (excluding)
Otrs2 | Ubuntu | bionic            | *
Znuny | Ubuntu | mantic            | *

Potential Mitigations

References