| CVE编号 | CVE-2025-24387 |
|---|---|
| 发布日期 | 2025-03-10T09:28:31.053Z |
| 更新日期 | 2025-03-10T13:12:40.237Z |
| 状态 | PUBLISHED |
| 受影响的供应商 | OTRS AG |
| 受影响的产品 | OTRS |
| 描述 | A vulnerability in OTRS Application Server allows session hijacking due to missing attributes for sensitive cookie settings in HTTPS sessions. A request to an OTRS endpoint from a possible malicious web site, would send the authentication cookie, performing an unwanted read operation. This issue affects: * OTRS 7.0.X * OTRS 8.0.X * OTRS 2023.X * OTRS 2024.X * OTRS 2025.x |
参考链接:
