Vulnerabilities > CVE-2023-30082 - Improper Validation of Specified Quantity in Input vulnerability in Enhancesoft Osticket 1.17.2

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

enhancesoft

CWE-1284

NVD

Published: 2023-06-14

Updated: 2023-06-28

Summary

A denial of service attack might be launched against the server if an unusually lengthy password (more than 10000000 characters) is supplied using the osTicket application. This can cause the website to go down or stop responding. When a long password is entered, this procedure will consume all available CPU and memory.

Vulnerable Configurations

Part	Description	Count
Application	Enhancesoft Enhancesoft Osticket 1.17.2	1

Common Weakness Enumeration (CWE)

CWE-1284 - Improper Validation of Specified Quantity in Input

References

https://github.com/manavparekh/CVEs/blob/main/CVE-2023-30082/Steps%20to%20reproduce.txt
https://blog.manavparekh.com/2023/06/cve-2023-30082.html