CVE-2024-43445
CVSS V2 None
CVSS V3 None
Description
A vulnerability exists in OTRS and ((OTRS)) Community Edition, which fail to set the HTTP response header X-Content-Type-Options to nosniff. An attacker could exploit this vulnerability by uploading or inserting content that would be treated as a different MIME type than intended.
This issue affects:
* OTRS 7.0.X
* OTRS 8.0.X
* OTRS 2023.X
* OTRS 2024.X
* ((OTRS)) Community Edition: 6.0.x
Products based on the ((OTRS)) Community Edition are also very likely to be affected.
Overview
- CVE ID: CVE-2024-43445
- Assigner: OTRS
- Vulnerability Status: PUBLISHED
- Published Version: 2025-01-27T05:58:11.722Z
- Last Modified Date: 2025-01-27T05:58:11.722Z
Weakness Enumerations
References
Reference URL | Reference Tags |
---|---|
https://otrs.com/release-notes/otrs-security-advisory-2025-01/ | vendor-advisory |
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-43445 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43445 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2025-01-28 13:13:38 | | | | Added to TrackCVE |