CVE-2023-1250

Improper Input Validation vulnerability in OTRS AG OTRS (ACL modules), OTRS AG ((OTRS)) Community Edition (ACL modules) allows Local Execution of Code. When creating/importing an ACL it was possible to inject code that gets executed via manipulated comments and ACL-names This issue affects OTRS: from 7.0.X before 7.0.42, from 8.0.X before 8.0.31; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34.
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:otrs:otrs:*:*:*:*:community:*:*:*
cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*

History

24 Mar 2023, 18:56

Type Values Removed Values Added
References (MISC) https://otrs.com/release-notes/otrs-security-advisory-2023-02/ - (MISC) https://otrs.com/release-notes/otrs-security-advisory-2023-02/ - Vendor Advisory
CWE CWE-94
CPE cpe:2.3:a:otrs:otrs:*:*:*:*:community:*:*:*
cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.8

20 Mar 2023, 14:02

Type Values Removed Values Added
New CVE

Information

Published : 2023-03-20 09:15

Updated : 2024-02-04 23:37


NVD link : CVE-2023-1250

Mitre link : CVE-2023-1250

CVE.ORG link : CVE-2023-1250


JSON object : View

Products Affected

otrs

  • otrs
CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')

CWE-20

Improper Input Validation