CVE-2022-39052: OTRS Security Advisory 2022-13 | OTRS
An external attacker is able to send a specially crafted email (with many recipients) and trigger a potential DoS of the system
Release Note
Please read carefully and check if the version of your OTRS system is affected by this vulnerability.
Please send information regarding vulnerabilities in OTRS to: [email protected]
PGP Key
- pub 2048R/9C227C6B 2011-03-21
- uid OTRS Security Team <[email protected]>
- GPG Fingerprint E330 4608 DA6E 34B7 1551 C244 7F9E 44E9 9C22 7C6B
Security Advisory Details
- ID: OSA-2022-13
- Date: 2022-10-17
- Title: DoS attack using email
- Severity: 7.5 HIGH
- Product: OTRS 8.0.x, OTRS 7.0.x
- Fixed in: OTRS 8.0.26, OTRS 7.0.39
- FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- References: CVE-2022-39052
OSA-2022-13 DoS attack using email (CVE-2022-39052)
PRODUCT AFFECTED:
This issue affects
OTRS 8.0.x
OTRS 7.0.x.
((OTRS)) Community Edition 6.0.x.
PROBLEM:
An attacker is able to send a specially crafted email (with many recipients) and trigger a DoS.
This issue was seen during production usage.
This issue has been assigned CVE-2022-39052.
SOLUTION:
Update to
OTRS 8.0.26
OTRS 7.0.39.
MODIFICATION HISTORY:
2022-10-17: Initial Publication.
CVE-2022-39052
CVSS SCORE:
7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
RISK LEVEL:
HIGH
ACKNOWLEDGEMENTS:
—