Π›ΠΎΠ³ΠΎΡ‚ΠΈΠΏ exploitDog
Консоль
Π›ΠΎΠ³ΠΎΡ‚ΠΈΠΏ exploitDog

exploitDog

ubuntu Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

CVE-2023-38060

ΠžΠΏΡƒΠ±Π»ΠΈΠΊΠΎΠ²Π°Π½ΠΎ: 24 июл. 2023
Π˜ΡΡ‚ΠΎΡ‡Π½ΠΈΠΊ: ubuntu
ΠŸΡ€ΠΈΠΎΡ€ΠΈΡ‚Π΅Ρ‚: medium
EPSS Низкий
CVSS3: 6.3

ОписаниС

Improper Input Validation vulnerability in the ContentType parameter for attachments on TicketCreate or TicketUpdate operations of the OTRS Generic Interface modules allows any authenticated attacker to to perform an host header injection for the ContentType header of the attachment. This issue affects OTRS: from 7.0.X before 7.0.45, from 8.0.X before 8.0.35; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34.

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
bionic

ignored

end of standard support, was needs-triage
devel

DNE

esm-apps/bionic

needs-triage

esm-apps/focal

needs-triage

esm-apps/jammy

needs-triage

esm-apps/xenial

needs-triage

focal

ignored

end of standard support, was needs-triage
jammy

needs-triage

lunar

DNE

mantic

DNE

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
bionic

ignored

end of standard support
devel

needs-triage

esm-apps/noble

needs-triage

esm-infra/focal

DNE

focal

DNE

jammy

DNE

lunar

ignored

end of life, was needs-triage
mantic

ignored

end of life, was needs-triage
noble

needs-triage

oracular

ignored

end of life, was needs-triage

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Бсылки Π½Π° источники

EPSS

ΠŸΡ€ΠΎΡ†Π΅Π½Ρ‚ΠΈΠ»ΡŒ: 38%
0.00169
Низкий

6.3 Medium

CVSS3

БвязанныС уязвимости

nvd Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

CVE-2023-38060

CVSS3: 6.3
nvd
большС 2 Π»Π΅Ρ‚ Π½Π°Π·Π°Π΄

Improper Input Validation vulnerability in the ContentType parameter for attachments on TicketCreate or TicketUpdate operations of the OTRS Generic Interface modules allows any authenticated attacker to to perform an host header injection for the ContentType header of the attachment.Β  This issue affects OTRS: from 7.0.X before 7.0.45, from 8.0.X before 8.0.35; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34.

debian Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

CVE-2023-38060

CVSS3: 6.3
debian
большС 2 Π»Π΅Ρ‚ Π½Π°Π·Π°Π΄

Improper Input Validation vulnerability in the ContentType parameter f ...

github Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

GHSA-9fvp-3hg9-xrcv

CVSS3: 6.3
github
большС 2 Π»Π΅Ρ‚ Π½Π°Π·Π°Π΄

Improper Input Validation vulnerability in the ContentType parameter for attachments on TicketCreate or TicketUpdate operations of the OTRS Generic Interface modules allows any authenticated attacker to to perform an host header injection for the ContentType header of the attachment.Β  This issue affects OTRS: from 7.0.X before 7.0.45, from 8.0.X before 8.0.35; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34.

EPSS

ΠŸΡ€ΠΎΡ†Π΅Π½Ρ‚ΠΈΠ»ΡŒ: 38%
0.00169
Низкий

6.3 Medium

CVSS3

Π£ΡΠ·Π²ΠΈΠΌΠΎΡΡ‚ΡŒ CVE-2023-38060