New Security Updates for OTRS

Security Advisories

Dear reader,

The following security fixes were made:

OTRS Security Advisory 2024-01
ID: OSA-2024-01
Date: 2024-01-29
Title: Missing file type check in avatar picture upload
Severity: 3.5 LOW
Product: OTRS 7.0.x, OTRS
Fixed in: OTRS 7.0.49, OTRS 2024.1.1
FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
References: CVE-2024-23790

OTRS Security Advisory 2024-02
ID: OSA-2024-02
Date: 2024-01-29
Title: Unnecessary data is written to log if issues during indexing occurs
Severity: 4.9 MEDIUM
Product: OTRS 7.0.x, OTRS
Fixed in: OTRS 7.0.49, OTRS 2024.1.1
FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
References: CVE-2024-23791

OTRS Security Advisory 2024-03
ID: OSA-2024-03
Date: 2024-01-29
Title: Insufficient access control
Severity: 5.3 MEDIUM
Product: OTRS 7.0.x, OTRS
Fixed in: OTRS 7.0.49, OTRS 2024.1.1
FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
References: CVE-2024-23792

OTRS Security Advisory 2024-04
ID: OSA-2024-04
Date: 2024-01-29
Title: A cross-site scripting (XSS) vulnerability in the HTML Data Processor in CKEditor
Severity: 6.1 MEDIUM
Product: OTRS 7.0.x, OTRS
Fixed in: OTRS 7.0.49, OTRS 2024.1.1, OTRSAdvancedEditor 7.0.33, OTRSAdvancedEditor 2024.1.1
FULL CVSS v3.1 VECTOR: OTRSAdvancedEditor 2024.1.1
References: CVE-2021-33829

To read the entire Security Advisory/Advisories, please follow this link:
https://otrs.com/otrs-software-solutions/otrs/overview-release-notes-securit...

Kind regards,
Your OTRS release team
participants (1)
- Melanie Krueger