File Upload Vulnerability in OTRS: Improper Input Validation in User Avatar Upload

File Upload Vulnerability in OTRS: Improper Input Validation in User Avatar Upload

CVE-2024-23790 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Improper Input Validation vulnerability in the upload functionality for user avatars allows functionality misuse due to missing check of filetypes. This issue affects OTRS: from 7.0.X through 7.0.48, from 8.0.X through 8.0.37, from 2023 through 2023.1.1.

Learn more about our Cis Benchmark Audit For Suse Linux Enterprise Server.