Vulnerabilities > Otrs > Otrs > 2023.0.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-03-10 | CVE-2025-24387 | Cross-Site Request Forgery (CSRF) vulnerability in Otrs A vulnerability in OTRS Application Server allows session hijacking due to missing attributes for sensitive cookie settings in HTTPS sessions. | 6.5 |
| 2024-07-15 | CVE-2024-23794 | Unspecified vulnerability in Otrs An incorrect privilege assignment vulnerability in the inline editing functionality of OTRS can lead to privilege escalation. | 7.5 |
| 2024-07-15 | CVE-2024-6540 | Unspecified vulnerability in Otrs Improper filtering of fields when using the export function in the ticket overview of the external interface in OTRS could allow an authorized user to download a list of tickets containing information about tickets of other customers. | 5.3 |
| 2024-01-29 | CVE-2024-23790 | Improper Validation of Integrity Check Value vulnerability in Otrs Improper Input Validation vulnerability in the upload functionality for user avatars allows functionality misuse due to missing check of filetypes. This issue affects OTRS: from 7.0.X through 7.0.48, from 8.0.X through 8.0.37, from 2023 through 2023.1.1. | 9.8 |
| 2024-01-29 | CVE-2024-23791 | Information Exposure Through Log Files vulnerability in Otrs Insertion of debug information into log file during building the elastic search index allows reading of sensitive information from articles.This issue affects OTRS: from 7.0.X through 7.0.48, from 8.0.X through 8.0.37, from 2023.X through 2023.1.1. | 7.5 |
| 2024-01-29 | CVE-2024-23792 | Improper Authentication vulnerability in Otrs When adding attachments to ticket comments, another user can add attachments as well impersonating the orginal user. | 6.5 |