漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Insufficient access control
Vulnerability Description
When adding attachments to ticket comments, another user can add attachments as well impersonating the orginal user. The attack requires a logged-in other user to know the UUID. While the legitimate user completes the comment, the malicious user can add more files to the comment. This issue affects OTRS: from 7.0.X through 7.0.48, from 8.0.X through 8.0.37, from 2023.X through 2023.1.1.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
Vulnerability Type
认证机制不恰当
Vulnerability Title
OTRS 授权问题漏洞
Vulnerability Description
OTRS是德国OTRS公司的一个应用软件。一个服务管理软件。 OTRS 存在安全漏洞,该漏洞源于在向工单评论添加附件时,另一个用户可以添加附件并冒充原始用户。
CVSS Information
N/A
Vulnerability Type
N/A