{"id":"CVE-2024-23790","details":"Improper Input Validation vulnerability in the upload functionality for user avatars allows functionality misuse due to missing check of filetypes.\nThis issue affects OTRS:  from 7.0.X through 7.0.48, from 8.0.X through 8.0.37, from 2023 through 2023.1.1.\n\n","modified":"2026-03-14T12:26:51.137853Z","published":"2024-01-29T10:15:08.263Z","references":[{"type":"ADVISORY","url":"https://otrs.com/release-notes/otrs-security-advisory-2024-01/"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-23790.json","unresolved_ranges":[{"events":[{"introduced":"7.0.0"},{"fixed":"7.0.49"}]},{"events":[{"introduced":"8.0.0"},{"fixed":"2024.1.1"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}