Security Advisory

CVE-2023-38060

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-07-24 08:28:13
Last updated 2025-02-13 17:01:45
Assigner OTRS
State PUBLISHED

Description

Improper Input Validation vulnerability in the ContentType parameter for attachments on TicketCreate or TicketUpdate operations of the OTRS Generic Interface modules allows any authenticated attacker to perform a host header injection for the ContentType header of the attachment. This issue affects OTRS: from 7.0.X before 7.0.45, from 8.0.X before 8.0.35; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34.