CVE-2024-23791 MEDIUM

CVE-2024-23791: Unnecessary data is written to log if issues during indexing occurs

Vendor Otrs Ag
Product OTRS
Weakness CWE-532 · Sensitive info in logs
Published January 29, 2024
Last update May 29, 2025

CVSS base score

4.9/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

Insertion of debug information into log file during building the elastic search index allows reading of sensitive information from articles.This issue affects OTRS: from 7.0.X through 7.0.48, from 8.0.X through 8.0.37, from 2023.X through 2023.1.1.

Key dates

02Disclosure timeline

January 29, 2024 CVE published
May 29, 2025 Record updated