ID CVE-2018-19143 Type cve Reporter cve@mitre.org Modified 2019-10-03T00:03:00
Description
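Open Ticket Request System (OTRS) 4.0.x before 4.0.33, 5.0.x before 5.0.31, and 6.0.x before 6.0.13 allows an authenticated user to delete files via a modified submission form because upload caching is mishandled. The distribution advisories reproduced below scope the impact to arbitrary files that the OTRS web server user has write access to. The Debian summary below speaks of "arbitrary file write", while its CVE-2018-19143 entry describes file deletion.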
{"openvas": [{"lastseen": "2020-01-31T17:40:17", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-19143", "CVE-2018-19141"], "description": "The remote host is missing an update for the 'otrs' package(s) announced via the openSUSE-SU-2018:4046-1 advisory.", "modified": "2020-01-31T00:00:00", "published": "2018-12-10T00:00:00", "id": "OPENVAS:1361412562310852168", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852168", "type": "openvas", "title": "openSUSE: Security Advisory for otrs (openSUSE-SU-2018:4046-1)", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852168\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_cve_id(\"CVE-2018-19141\", \"CVE-2018-19143\");\n script_tag(name:\"cvss_base\", value:\"5.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-12-10 07:38:41 +0100 (Mon, 10 Dec 2018)\");\n script_name(\"openSUSE: Security Advisory for otrs (openSUSE-SU-2018:4046-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.0\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2018:4046-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2018-12/msg00017.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'otrs'\n package(s) announced via the openSUSE-SU-2018:4046-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for otrs fixes the following issues:\n\n Update to version 4.0.33.\n\n Security issues fixed:\n\n - CVE-2018-19141: Fixed privilege escalation, that an attacker who is\n logged into OTRS as an admin user cannot manipulate the URL to cause\n execution of JavaScript in the context of OTRS.\n\n - CVE-2018-19143: Fixed remote 
file deletion, that an attacker who is\n logged into OTRS as a user cannot manipulate the submission form to\n cause deletion of arbitrary files that the OTRS web server user has\n write access to.\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.0:\n\n zypper in -t patch openSUSE-2018-1503=1\n\n - openSUSE Backports SLE-15:\n\n zypper in -t patch openSUSE-2018-1503=1\");\n\n script_tag(name:\"affected\", value:\"otrs on openSUSE Leap 15.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.0\") {\n if(!isnull(res = isrpmvuln(pkg:\"otrs\", rpm:\"otrs~4.0.33~lp150.2.6.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"otrs-doc\", rpm:\"otrs-doc~4.0.33~lp150.2.6.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"otrs-itsm\", rpm:\"otrs-itsm~4.0.33~lp150.2.6.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P"}}, {"lastseen": "2020-01-29T20:09:11", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-19143", "CVE-2018-19141"], "description": "Two security vulnerabilities were discovered in OTRS, a Ticket Request\nSystem, that may lead to privilege escalation or arbitrary file write.\n\nCVE-2018-19141\n\n An attacker who is logged into OTRS as an 
admin user may manipulate\n the URL to cause execution of JavaScript in the context of OTRS.\n\nCVE-2018-19143\n\n An attacker who is logged into OTRS as a user may manipulate the\n submission form to cause deletion of arbitrary files that the OTRS\n web server user has write access to.\n\nPlease also read the upstream advisory for CVE-2018-19141. If you\nthink you might be affected then you should consider to run the\nmentioned clean-up SQL statements to remove possible affected records.", "modified": "2020-01-29T00:00:00", "published": "2018-11-26T00:00:00", "id": "OPENVAS:1361412562310891592", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891592", "type": "openvas", "title": "Debian LTS: Security Advisory for otrs2 (DLA-1592-1)", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891592\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2018-19141\", \"CVE-2018-19143\");\n script_name(\"Debian LTS: Security Advisory for otrs2 (DLA-1592-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-11-26 00:00:00 +0100 (Mon, 26 Nov 2018)\");\n script_tag(name:\"cvss_base\", value:\"5.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://community.otrs.com/security-advisory-2018-09-security-update-for-otrs-framework/\");\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2018/11/msg00028.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n\n script_tag(name:\"affected\", value:\"otrs2 on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', these problems have been fixed in version\n3.3.18-1+deb8u7.\n\nWe recommend that you upgrade your otrs2 packages.\");\n\n script_tag(name:\"summary\", value:\"Two security vulnerabilities were discovered in OTRS, a Ticket Request\nSystem, that may lead to privilege escalation or arbitrary file write.\n\nCVE-2018-19141\n\n An attacker who 
is logged into OTRS as an admin user may manipulate\n the URL to cause execution of JavaScript in the context of OTRS.\n\nCVE-2018-19143\n\n An attacker who is logged into OTRS as a user may manipulate the\n submission form to cause deletion of arbitrary files that the OTRS\n web server user has write access to.\n\nPlease also read the upstream advisory for CVE-2018-19141. If you\nthink you might be affected then you should consider to run the\nmentioned clean-up SQL statements to remove possible affected records.\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"otrs\", ver:\"3.3.18-1+deb8u7\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"otrs2\", ver:\"3.3.18-1+deb8u7\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P"}}], "debian": [{"lastseen": "2020-08-12T01:03:20", "bulletinFamily": "unix", "cvelist": ["CVE-2018-19143", "CVE-2018-19141"], "description": "Package : otrs2\nVersion : 3.3.18-1+deb8u7\nCVE ID : CVE-2018-19141 CVE-2018-19143\n\nTwo security vulnerabilities were discovered in OTRS, a Ticket Request\nSystem, that may lead to privilege escalation or arbitrary file write.\n\nCVE-2018-19141\n\n An attacker who is logged into OTRS as an admin user may manipulate\n the URL to cause execution of JavaScript in the context of OTRS.\n\nCVE-2018-19143\n\n An attacker who is logged into OTRS as a user may manipulate the\n submission form to cause deletion of arbitrary files that the OTRS\n web server user has write access to.\n\nPlease also read the upstream advisory for CVE-2018-19141. 
If you\nthink you might be affected then you should consider to run the\nmentioned clean-up SQL statements to remove possible affected records.\n\nhttps://community.otrs.com/security-advisory-2018-09-security-update-for-otrs-framework/\n\nFor Debian 8 "Jessie", these problems have been fixed in version\n3.3.18-1+deb8u7.\n\nWe recommend that you upgrade your otrs2 packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 9, "modified": "2018-11-23T19:31:54", "published": "2018-11-23T19:31:54", "id": "DEBIAN:DLA-1592-1:B0DCF", "href": "https://lists.debian.org/debian-lts-announce/2018/debian-lts-announce-201811/msg00028.html", "title": "[SECURITY] [DLA 1592-1] otrs2 security update", "type": "debian", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P"}}], "suse": [{"lastseen": "2018-12-08T03:29:34", "bulletinFamily": "unix", "cvelist": ["CVE-2018-19143", "CVE-2018-19141"], "description": "This update for otrs fixes the following issues:\n\n Update to version 4.0.33.\n\n Security issues fixed:\n\n - CVE-2018-19141: Fixed privilege escalation, that an attacker who is\n logged into OTRS as an admin user cannot manipulate the URL to cause\n execution of JavaScript in the context of OTRS.\n - CVE-2018-19143: Fixed remote file deletion, that an attacker who is\n logged into OTRS as a user cannot manipulate the submission form to\n cause deletion of arbitrary files that the OTRS web server user has\n write access to.\n\n Non-security issues fixed:\n\n - Full release notes can be found at:\n * <a rel=\"nofollow\" href=\"https://community.otrs.com/release-notes-otrs-4-patch-level-33/\">https://community.otrs.com/release-notes-otrs-4-patch-level-33/</a>\n\n", "edition": 1, "modified": "2018-12-08T00:23:24", "published": "2018-12-08T00:23:24", "id": "OPENSUSE-SU-2018:4046-1", "href": 
"http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00017.html", "title": "Security update for otrs (moderate)", "type": "suse", "cvss": {"score": 0.0, "vector": "NONE"}}], "nessus": [{"lastseen": "2021-01-12T09:40:08", "description": "Two security vulnerabilities were discovered in OTRS, a Ticket Request\nSystem, that may lead to privilege escalation or arbitrary file write.\n\nCVE-2018-19141\n\nAn attacker who is logged into OTRS as an admin user may manipulate\nthe URL to cause execution of JavaScript in the context of OTRS.\n\nCVE-2018-19143\n\nAn attacker who is logged into OTRS as a user may manipulate the\nsubmission form to cause deletion of arbitrary files that the OTRS web\nserver user has write access to.\n\nPlease also read the upstream advisory for CVE-2018-19141. If you\nthink you might be affected then you should consider to run the\nmentioned clean-up SQL statements to remove possible affected records.\n\nhttps://community.otrs.com/security-advisory-2018-09-security-update-f\nor-otrs-framework/\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n3.3.18-1+deb8u7.\n\nWe recommend that you upgrade your otrs2 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. 
Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "edition": 20, "cvss3": {"score": 6.5, "vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"}, "published": "2018-11-26T00:00:00", "title": "Debian DLA-1592-1 : otrs2 security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-19143", "CVE-2018-19141"], "modified": "2018-11-26T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:otrs2", "cpe:/o:debian:debian_linux:8.0", "p-cpe:/a:debian:debian_linux:otrs"], "id": "DEBIAN_DLA-1592.NASL", "href": "https://www.tenable.com/plugins/nessus/119120", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1592-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(119120);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2018-19141\", \"CVE-2018-19143\");\n\n script_name(english:\"Debian DLA-1592-1 : otrs2 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Two security vulnerabilities were discovered in OTRS, a Ticket Request\nSystem, that may lead to privilege escalation or arbitrary file write.\n\nCVE-2018-19141\n\nAn attacker who is logged into OTRS as an admin user may manipulate\nthe URL to cause execution of JavaScript in the context of OTRS.\n\nCVE-2018-19143\n\nAn attacker who is logged into OTRS as a user may manipulate the\nsubmission form to cause deletion of arbitrary files that the OTRS web\nserver 
user has write access to.\n\nPlease also read the upstream advisory for CVE-2018-19141. If you\nthink you might be affected then you should consider to run the\nmentioned clean-up SQL statements to remove possible affected records.\n\nhttps://community.otrs.com/security-advisory-2018-09-security-update-f\nor-otrs-framework/\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n3.3.18-1+deb8u7.\n\nWe recommend that you upgrade your otrs2 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n # https://community.otrs.com/security-advisory-2018-09-security-update-for-otrs-framework/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6c3b34ef\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2018/11/msg00028.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/otrs2\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade the affected otrs, and otrs2 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:otrs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:otrs2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/11/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"otrs\", reference:\"3.3.18-1+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"otrs2\", reference:\"3.3.18-1+deb8u7\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P"}}, {"lastseen": "2021-01-20T12:35:35", "description": "This update for otrs fixes the following issues :\n\nUpdate to version 4.0.33.\n\nSecurity issues fixed :\n\n - CVE-2018-19141: Fixed privilege escalation, that an\n attacker who is logged into OTRS as an admin user cannot\n manipulate the URL to cause execution of JavaScript in\n the context of OTRS.\n\n - CVE-2018-19143: Fixed remote file deletion, that an\n attacker who is logged into OTRS as a user cannot\n manipulate the submission form to cause deletion of\n arbitrary files that the OTRS web server user has write\n access to.\n\nNon-security issues fixed :\n\n - Full release notes can be found at :\n\n - https://community.otrs.com/release-notes-otrs-4-patch-level-33/", "edition": 16, "cvss3": {"score": 6.5, "vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"}, "published": "2018-12-10T00:00:00", "title": "openSUSE Security Update 
: otrs (openSUSE-2018-1503)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-19143", "CVE-2018-19141"], "modified": "2018-12-10T00:00:00", "cpe": ["cpe:/o:novell:opensuse:15.0", "p-cpe:/a:novell:opensuse:otrs-itsm", "p-cpe:/a:novell:opensuse:otrs"], "id": "OPENSUSE-2018-1503.NASL", "href": "https://www.tenable.com/plugins/nessus/119539", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2018-1503.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(119539);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-19141\", \"CVE-2018-19143\");\n\n script_name(english:\"openSUSE Security Update : otrs (openSUSE-2018-1503)\");\n script_summary(english:\"Check for the openSUSE-2018-1503 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for otrs fixes the following issues :\n\nUpdate to version 4.0.33.\n\nSecurity issues fixed :\n\n - CVE-2018-19141: Fixed privilege escalation, that an\n attacker who is logged into OTRS as an admin user cannot\n manipulate the URL to cause execution of JavaScript in\n the context of OTRS.\n\n - CVE-2018-19143: Fixed remote file deletion, that an\n attacker who is logged into OTRS as a user cannot\n manipulate the submission form to cause deletion of\n arbitrary files that the OTRS web server user has write\n access to.\n\nNon-security issues fixed :\n\n - Full release notes can be found at :\n\n - https://community.otrs.com/release-notes-otrs-4-patch-level-33/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1115416\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://community.otrs.com/release-notes-otrs-4-patch-level-33/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected otrs packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:otrs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:otrs-itsm\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/12/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/12/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"otrs-4.0.33-lp150.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"otrs-itsm-4.0.33-lp150.2.6.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"otrs / otrs-itsm\");\n}\n", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P"}}, {"lastseen": "2021-01-20T12:54:39", "description": "This update for otrs fixes the following issues :\n\nUpdate to version 4.0.33.\n\nSecurity issues fixed :\n\n - CVE-2018-19141: Fixed privilege escalation, that an\n attacker who is logged into OTRS as an admin user cannot\n manipulate the URL to cause execution of JavaScript in\n the context of OTRS.\n\n - CVE-2018-19143: Fixed remote file deletion, that an\n attacker who is logged into OTRS as a user cannot\n manipulate the submission form to cause deletion of\n arbitrary files that the OTRS web server user has write\n access to.\n\nNon-security issues fixed :\n\n - Full release notes can be found at :\n\n - 
https://community.otrs.com/release-notes-otrs-4-patch-level-33/", "edition": 15, "cvss3": {"score": 6.5, "vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"}, "published": "2019-03-27T00:00:00", "title": "openSUSE Security Update : otrs (openSUSE-2019-973)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-19143", "CVE-2018-19141"], "modified": "2019-03-27T00:00:00", "cpe": ["cpe:/o:novell:opensuse:15.0", "p-cpe:/a:novell:opensuse:otrs-itsm", "p-cpe:/a:novell:opensuse:otrs"], "id": "OPENSUSE-2019-973.NASL", "href": "https://www.tenable.com/plugins/nessus/123396", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-973.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(123396);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-19141\", \"CVE-2018-19143\");\n\n script_name(english:\"openSUSE Security Update : otrs (openSUSE-2019-973)\");\n script_summary(english:\"Check for the openSUSE-2019-973 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for otrs fixes the following issues :\n\nUpdate to version 4.0.33.\n\nSecurity issues fixed :\n\n - CVE-2018-19141: Fixed privilege escalation, that an\n attacker who is logged into OTRS as an admin user cannot\n manipulate the URL to cause execution of JavaScript in\n the context of OTRS.\n\n - CVE-2018-19143: Fixed remote file deletion, that an\n attacker who is logged into OTRS as a user cannot\n manipulate the submission form to cause deletion of\n arbitrary files that the OTRS web server user has 
write\n access to.\n\nNon-security issues fixed :\n\n - Full release notes can be found at :\n\n - https://community.otrs.com/release-notes-otrs-4-patch-level-33/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1115416\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://community.otrs.com/release-notes-otrs-4-patch-level-33/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected otrs packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:otrs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:otrs-itsm\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/11/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/03/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/03/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"otrs-4.0.33-lp150.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"otrs-itsm-4.0.33-lp150.2.6.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"otrs / otrs-itsm\");\n}\n", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P"}}]}