{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"important"},"category":"csaf_vex","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"SUSE CVE-2023-38060","title":"Title"},{"category":"description","text":"Improper Input Validation vulnerability in the ContentType parameter for attachments on TicketCreate or TicketUpdate operations of the OTRS Generic Interface modules allows any authenticated attacker to perform a host header injection for the ContentType header of the attachment.  \n\n\nThis issue affects OTRS: from 7.0.X before 7.0.45, from 8.0.X before 8.0.35; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34.","title":"Description of the CVE"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"CVE-2023-38060","url":"https://www.suse.com/security/cve/CVE-2023-38060"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 1213599 for CVE-2023-38060","url":"https://bugzilla.suse.com/1213599"}],"title":"SUSE CVE CVE-2023-38060","tracking":{"current_release_date":"2025-12-19T01:21:23Z","generator":{"date":"2025-02-14T06:20:20Z","engine":{"name":"cve-database.git:bin/generate-csaf-vex.pl","version":"1"}},"id":"CVE-2023-38060","initial_release_date":"2025-02-14T06:20:20Z","revision_history":[{"date":"2025-02-14T06:20:20Z","number":"2","summary":"Current version"},{"date":"2025-02-16T06:13:29Z","number":"3","summary":"Current version"},{"date":"2025-07-07T23:51:01Z","number":"4","summary":"Current version"},{"date":"2025-12-17T01:11:55Z","number":"5","summary":"description changed"},{"date":"2025-12-19T01:21:23Z","number":"6","summary":"description changed"}],"status":"interim","version":"6"}}}