Dynamic field error message is vulnerable to XSS
traduction en cours…Plateforme
otrs
Composant
otrs
Corrigé dans
7.0.32
CVE-2022-0473 describes a cross-site scripting (XSS) vulnerability in OTRS versions 7.0.0 through 7.0.31. This vulnerability allows an attacker to inject malicious JavaScript code into the error message of a regular expression check within dynamic fields. Exploitation requires administrator privileges and can lead to code execution within the administrator's browser session. A patch is available to resolve this issue.
Impact et Scénarios d'Attaquetraduction en cours…
Successful exploitation of CVE-2022-0473 could allow an attacker to execute arbitrary JavaScript code in the context of an OTRS administrator's browser. This could lead to session hijacking, credential theft, or defacement of the OTRS interface. The attacker could potentially gain access to sensitive data stored within OTRS, including customer information, support tickets, and internal communications. While the CVSS score is LOW, the potential for administrator account compromise makes this a significant risk, particularly in environments where OTRS is used to manage critical business processes.
Contexte d'Exploitationtraduction en cours…
CVE-2022-0473 was publicly disclosed on February 7, 2022. No public proof-of-concept (PoC) code has been widely reported. The vulnerability's LOW severity rating and lack of public exploits suggest a low probability of active exploitation at this time. It is not listed on the CISA KEV catalog.
Qui Est à Risquetraduction en cours…
Organizations using OTRS for customer support or IT service management are at risk, particularly those relying on OTRS administrators with broad privileges. Environments with custom dynamic field configurations or legacy OTRS installations are especially vulnerable.
Étapes de Détectiontraduction en cours…
• otrs: Examine OTRS dynamic field configurations for suspicious regular expressions or unusual characters.
# Example: Search for potentially malicious code in dynamic field definitions
grep -r 'alert\(' /opt/otrs/ -print0 | xargs -0 grep -i 'script'• generic web: Monitor OTRS access logs for unusual requests containing JavaScript code in dynamic field parameters.
# Example: Search for JavaScript code in OTRS access logs
grep -i 'alert(' /var/log/apache2/access.logChronologie de l'Attaque
- Disclosure
disclosure
Renseignement sur les Menaces
Statut de l'Exploit
EPSS
0.36% (percentile 58%)
Vecteur CVSS
Que signifient ces métriques?
- Attack Vector
- Réseau — exploitable à distance via internet. Aucun accès physique ou local requis.
- Attack Complexity
- Faible — aucune condition spéciale requise. Exploitable de manière fiable.
- Privileges Required
- Élevé — un compte administrateur ou privilégié est requis.
- User Interaction
- Aucune — attaque automatique et silencieuse. La victime ne fait rien.
- Scope
- Inchangé — impact limité au composant vulnérable.
- Confidentiality
- Faible — accès partiel ou indirect à certaines données.
- Integrity
- Faible — l'attaquant peut modifier certaines données avec un impact limité.
- Availability
- Aucun — aucun impact sur la disponibilité.
Logiciel Affecté
Classification de Faiblesse (CWE)
Chronologie
- Réservé
- Publiée
- Modifiée
- EPSS mis à jour
Mitigation et Contournementstraduction en cours…
The primary mitigation for CVE-2022-0473 is to upgrade to a patched version of OTRS. Consult the official OTRS advisory for the specific version containing the fix. As a temporary workaround, administrators should carefully review and validate all dynamic field configurations, paying close attention to regular expression checks. Implement strict input validation and sanitization on all user-supplied data used in dynamic fields. Consider using a Web Application Firewall (WAF) with XSS filtering rules to block malicious payloads.
Comment corrigertraduction en cours…
Actualice OTRS a una versión posterior a la 7.0.31. Esto solucionará la vulnerabilidad XSS en los mensajes de error de los campos dinámicos.
Newsletter Sécurité CVE
Analyses de vulnérabilités et alertes critiques directement dans votre boîte mail.
Questions fréquentestraduction en cours…
What is CVE-2022-0473 — XSS in OTRS?
CVE-2022-0473 is a cross-site scripting (XSS) vulnerability in OTRS versions 7.0.0–7.0.31 that allows attackers to inject malicious JavaScript code.
Am I affected by CVE-2022-0473 in OTRS?
You are affected if you are running OTRS versions 7.0.0 through 7.0.31 and have not upgraded to a patched version.
How do I fix CVE-2022-0473 in OTRS?
Upgrade to a patched version of OTRS. Consult the official OTRS advisory for the specific version containing the fix.
Is CVE-2022-0473 being actively exploited?
There are no widespread reports of active exploitation, but the vulnerability remains a potential risk.
Where can I find the official OTRS advisory for CVE-2022-0473?
Refer to the official OTRS security advisory for details: [https://otrs.com/security-advisories/otrs-security-advisory-2022-0473/](https://otrs.com/security-advisories/otrs-security-advisory-2022-0473/)
Ton projet est-il affecté ?
Téléverse ton fichier de dépendances et découvre instantanément si cette CVE et d'autres te touchent.