CVE-2023-38056

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-38056

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-38056.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-38056

Downstream

UBUNTU-CVE-2023-38056

Published

2023-07-24T09:15:09.403Z

Modified

2026-03-14T12:08:11.120650Z

Severity

7.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Improper Neutralization of commands allowed to be executed via OTRS System Configuration e.g. SchedulerCronTaskModule using UnitTests modules allows any authenticated attacker with admin privileges local execution of Code.This issue affects OTRS: from 7.0.X before 7.0.45, from 8.0.X before 8.0.35; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34.

References

https://otrs.com/release-notes/otrs-security-advisory-2023-05/

Affected packages

Git /

Affected ranges

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-38056.json"

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "6.0.1"
            },
            {
                "last_affected": "6.0.34"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "7.0.0"
            },
            {
                "fixed": "7.0.45"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "8.0.0"
            },
            {
                "fixed": "8.0.35"
            }
        ]
    }
]