SECURITY ADVISORY
- RELEASE DATE: 18 April 2024
- RELEASE TYPE: Security Patch Release
- SEVERITY: HIGH
- AFFECTED VERSIONS: OTOBO 10.1, OTOBO 10.0
- REFERENCE: https://www.cve.org/CVERecord?id=CVE-2024-32491
Description
Problem
- A vulnerability was fixed that allowed authenticated users to perform a code injection by exploiting a path traversal vulnerability. The OTOBO standard configuration is not affected; this applies only to systems where the SysConfig setting “WebUploadCacheModule” is set to “Kernel::System::Web::UploadCache::FS” (CVE-2024-32491) [#3309].
Many thanks to Martino Spagnuolo for reporting the security vulnerability.
Potential Consequences
- Code Injection
Measures for Secure Operation
Update to OTOBO 10.1.10
A security patch update is available to fix the vulnerability. Please update your system.
Bug Fixes
- [Bugfix] Correction of sorting to ensure correct functionality of SysConfig search [#3277]
We’d be happy to clarify your questions. Contact us.
If you are a support customer and require assistance with the security patch, please contact us through your access in the support portal.
Report a security issue:
security@otobo.org