Vulnerability Information
Vulnerability Title
External pictures can be loaded even if not allowed by configuration
Vulnerability Description
The loading of external images is not blocked, even if configured, if the attacker uses a protocol-relative URL in the payload. This can be used to retrieve the IP of the user. This issue affects OTRS: from 7.0.X before 7.0.47, from 8.0.X before 8.0.37; ((OTRS)) Community Edition: from 6.0.X through 6.0.34.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
Information Exposure
Vulnerability Title
OTRS Security Vulnerability
Vulnerability Description
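OTRS is an application software product from the German company OTRS; it is service management software. OTRS versions before 7.0.47 and before 8.0.37, and OTRS Community Edition 6.0.X through 6.0.34, contain a security vulnerability. The vulnerability arises because the loading of external images is not blocked if the attacker uses a protocol-relative URL in the payload, which can be used to retrieve the user's IP.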
CVSS Information
N/A
Vulnerability Type
N/A