Vulnerability Database

289,697

Total vulnerabilities in the database

CVE-2023-38059

The loading of external images is not blocked, even if configured, if the attacker uses protocol-relative URL in the payload. This can be used to retreive the IP of the user.This issue affects OTRS: from 7.0.X before 7.0.47, from 8.0.X before 8.0.37; ((OTRS)) Community Edition: from 6.0.X through 6.0.34.

  • Published: Oct 16, 2023
  • Updated: Oct 20, 2023
  • CVE: CVE-2023-38059
  • Severity: Medium
  • Exploit:

CVSS v3:

  • Severity: Medium
  • Score: 5.3
  • AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

No CWE or OWASP classifications available.

Software From Fixed in
otrs / otrs 7.0.0 7.0.47
otrs / otrs 6.0.0 6.0.34.x
otrs / otrs 8.0.0 8.0.37