VYPR
Unrated severity · NVD Advisory · Published Oct 16, 2023 · Updated Sep 16, 2024

External pictures can be loaded even if not allowed by configuration

CVE-2023-38059

Description

The loading of external images is not blocked, even if configured, if the attacker uses a protocol-relative URL in the payload. This can be used to retrieve the IP of the user. This issue affects OTRS: from 7.0.X before 7.0.47, from 8.0.X before 8.0.37; ((OTRS)) Community Edition: from 6.0.X through 6.0.34.
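
The following is an added example, not OTRS code and not part of the advisory: a Python check that flags external `img src` references in an HTML body, treating protocol-relative URLs (`//host/...`) as external. The `naive_is_external` function is a hypothetical scheme-prefix check shown only for contrast; the host `tracker.example`, the sample body and the set of inline schemes are assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: schemes that never trigger a network fetch from the mail view.
INLINE_SCHEMES = {"", "cid", "data"}

def naive_is_external(url):
    # Hypothetical weak check: only URLs with an explicit scheme are caught.
    return url.strip().lower().startswith(("http://", "https://"))

def is_external(url):
    # Browsers ignore surrounding whitespace and read "\" as "/".
    cleaned = url.strip().replace("\\", "/")
    try:
        parts = urlsplit(cleaned)
    except ValueError:
        return True  # unparsable: fail closed
    if parts.netloc:
        return True  # http://host, https://host and //host all carry a host
    return parts.scheme.lower() not in INLINE_SCHEMES

class _ImgCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.external = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        for name, value in attrs:
            if name == "src" and value and is_external(value):
                self.external.append(value)

def external_images(html):
    collector = _ImgCollector()
    collector.feed(html)
    collector.close()
    return collector.external

# Constructed sample body; tracker.example is a placeholder host.
SAMPLE = (
    '<img src="cid:logo@ticket">'
    '<img src="/static/icon.png">'
    '<img src="https://tracker.example/a.gif">'
    '<img src="//tracker.example/b.gif">'
)

if __name__ == "__main__":
    print(external_images(SAMPLE))
```

The check decides on the parsed host component rather than on a scheme prefix, which is why the protocol-relative form is caught; it covers only `img src` and leaves other resource-loading attributes out of scope.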

Affected products

4
  • Range: <=6.0.34
  • OTRS/Otrs · llm-fuzzy · 2 versions
    7.0.X before 7.0.47, 8.0.X before 8.0.37 (+ 1 more)
    • (no CPE) range: 7.0.X before 7.0.47, 8.0.X before 8.0.37
    • (no CPE) range: 7.0.x
  • OTRS AG/((OTRS)) Community Edition · v5
    Range: 6.0.x
