Denial of Service Vulnerability in osTicket Application by Manav Parekh
CVE-2023-30082

7.5HIGH

Key Information:

Vendor: Enhancesoft
Status: Osticket
Vendor: CVE Published:; 14 June 2023

🔔 Create Enhancesoft Vulnerability Alert

What is CVE-2023-30082?

The osTicket application is susceptible to a denial of service attack when it processes unusually long passwords exceeding 10 million characters. This flaw can lead to severe performance issues, causing the server to exhaust CPU and memory resources, thereby making the website unresponsive or unavailable. Attackers can exploit this vulnerability to disrupt services and impact users significantly.

References

https://github.com/manavparekh/CVEs/blob/main/CVE-2023-30...

https://blog.manavparekh.com/2023/06/cve-2023-30082.html

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 14, 2023
Vulnerability Reserved
Apr 7, 2023

CVE-2023-30082 Data

JSON