openSUSE: Security Advisory for otrs (openSUSE-SU-2018:4046-1)
2018-12-10T00:00:00
ID OPENVAS:1361412562310852168 Type openvas Reporter Copyright (C) 2018 Greenbone Networks GmbH Modified 2020-01-31T00:00:00
Description
The remote host is missing an update for the 'otrs' package(s) announced via the openSUSE-SU-2018:4046-1 advisory.
# Copyright (C) 2018 Greenbone Networks GmbH
# Text descriptions are largely excerpted from the referenced
# advisory, and are Copyright (C) of their respective author(s)
#
# SPDX-License-Identifier: GPL-2.0-or-later
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
if(description)
{
  # Metadata-only pass: every call below registers information about this
  # check and the block ends with exit(0), so no host is examined here.

  # --- Identity and provenance ---------------------------------------------
  script_oid("1.3.6.1.4.1.25623.1.0.852168");
  script_name("openSUSE: Security Advisory for otrs (openSUSE-SU-2018:4046-1)");
  script_version("2020-01-31T08:23:39+0000");
  script_tag(name:"creation_date", value:"2018-12-10 07:38:41 +0100 (Mon, 10 Dec 2018)");
  script_tag(name:"last_modification", value:"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)");
  script_copyright("Copyright (C) 2018 Greenbone Networks GmbH");
  script_family("SuSE Local Security Checks");

  # --- Covered vulnerabilities and severity --------------------------------
  # One CVSS v2 score is registered for both CVEs.
  # NOTE(review): 5.5 / AV:N/AC:L/Au:S/C:N/I:P/A:P looks like the score of
  # the file-deletion issue (CVE-2018-19143); the XSS issue (CVE-2018-19141)
  # appears to be rated lower on its own - confirm against the CVE records
  # before using this number for prioritisation.
  script_cve_id("CVE-2018-19141", "CVE-2018-19143");
  script_tag(name:"cvss_base", value:"5.5");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:S/C:N/I:P/A:P");

  # --- Advisory references -------------------------------------------------
  script_xref(name:"openSUSE-SU", value:"2018:4046-1");
  script_xref(name:"URL", value:"https://lists.opensuse.org/opensuse-security-announce/2018-12/msg00017.html");

  # --- Scheduling ----------------------------------------------------------
  # The check depends on gather-package-list.nasl and on three knowledge-base
  # keys under ssh/login/; the release key must match openSUSE Leap 15.0.
  # Presumably those keys are filled from an authenticated SSH login, so an
  # unauthenticated scan would not evaluate this check - TODO confirm.
  script_category(ACT_GATHER_INFO);
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/suse", "ssh/login/rpms", re:"ssh/login/release=openSUSELeap15\.0");

  # --- Result quality and remediation --------------------------------------
  # qod_type "package": the finding comes from comparing package versions
  # (see the vuldetect text), not from probing the running application.
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"solution", value:"Please install the updated package(s).");
  script_tag(name:"affected", value:"otrs on openSUSE Leap 15.0.");

  # --- Descriptive text (excerpted from the advisory) ----------------------
  script_tag(name:"summary", value:"The remote host is missing an update for the 'otrs'
package(s) announced via the openSUSE-SU-2018:4046-1 advisory.");
  script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
  script_tag(name:"insight", value:"This update for otrs fixes the following issues:
Update to version 4.0.33.
Security issues fixed:
- CVE-2018-19141: Fixed privilege escalation, that an attacker who is
logged into OTRS as an admin user cannot manipulate the URL to cause
execution of JavaScript in the context of OTRS.
- CVE-2018-19143: Fixed remote file deletion, that an attacker who is
logged into OTRS as a user cannot manipulate the submission form to
cause deletion of arbitrary files that the OTRS web server user has
write access to.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended
installation methods
like YaST online_update or 'zypper patch'.
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.0:
zypper in -t patch openSUSE-2018-1503=1
- openSUSE Backports SLE-15:
zypper in -t patch openSUSE-2018-1503=1");

  exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
# Release string of the target as returned by the RPM helper library; with no
# release there is nothing to compare, so the check ends without a result.
release = rpm_get_ssh_release();
if(!release)
  exit(0);

# The advisory only covers openSUSE Leap 15.0; any other release is skipped.
if(release != "openSUSELeap15.0")
  exit(0);

report = "";

# One isrpmvuln() call per package named in the advisory. A non-NULL return
# value is appended to the report; presumably it describes an installed
# version older than the fixed one given in rpm: - confirm in pkg-lib-rpm.inc.
res = isrpmvuln(pkg:"otrs", rpm:"otrs~4.0.33~lp150.2.6.1", rls:"openSUSELeap15.0");
if(!isnull(res))
  report += res;

res = isrpmvuln(pkg:"otrs-doc", rpm:"otrs-doc~4.0.33~lp150.2.6.1", rls:"openSUSELeap15.0");
if(!isnull(res))
  report += res;

res = isrpmvuln(pkg:"otrs-itsm", rpm:"otrs-itsm~4.0.33~lp150.2.6.1", rls:"openSUSELeap15.0");
if(!isnull(res))
  report += res;

# At least one package is behind the fixed version: raise the finding.
if(report != "") {
  security_message(data:report);
  exit(0);
}

# __pkg_match is not assigned in this script; presumably pkg-lib-rpm.inc sets
# it when one of the listed packages was found installed. exit(99) is the
# Greenbone convention for "checked, not vulnerable" - TODO confirm.
# NOTE(review): this is a package-version comparison only. The Debian
# advisory for the same CVEs points to upstream clean-up SQL statements for
# records possibly affected by CVE-2018-19141; a clean result here says
# nothing about whether that follow-up was carried out.
if(__pkg_match)
  exit(99);

exit(0);
{"id": "OPENVAS:1361412562310852168", "type": "openvas", "bulletinFamily": "scanner", "title": "openSUSE: Security Advisory for otrs (openSUSE-SU-2018:4046-1)", "description": "The remote host is missing an update for the ", "published": "2018-12-10T00:00:00", "modified": "2020-01-31T00:00:00", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852168", "reporter": "Copyright (C) 2018 Greenbone Networks GmbH", "references": ["2018:4046-1", "https://lists.opensuse.org/opensuse-security-announce/2018-12/msg00017.html"], "cvelist": ["CVE-2018-19143", "CVE-2018-19141"], "lastseen": "2020-01-31T17:40:17", "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2018-19143", "CVE-2018-19141"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2018:4046-1"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310891592"]}, {"type": "nessus", "idList": ["DEBIAN_DLA-1592.NASL", "OPENSUSE-2018-1503.NASL", "OPENSUSE-2019-973.NASL"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1592-1:B0DCF"]}], "modified": "2020-01-31T17:40:17", "rev": 2}, "score": {"value": 5.9, "vector": "NONE", "modified": "2020-01-31T17:40:17", "rev": 2}, "vulnersScore": 5.9}, "pluginID": "1361412562310852168", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852168\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_cve_id(\"CVE-2018-19141\", \"CVE-2018-19143\");\n script_tag(name:\"cvss_base\", value:\"5.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-12-10 07:38:41 +0100 (Mon, 10 Dec 2018)\");\n script_name(\"openSUSE: Security Advisory for otrs (openSUSE-SU-2018:4046-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.0\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2018:4046-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2018-12/msg00017.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'otrs'\n package(s) announced via the openSUSE-SU-2018:4046-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for otrs fixes the following issues:\n\n Update to version 4.0.33.\n\n Security issues fixed:\n\n - CVE-2018-19141: Fixed privilege escalation, that an attacker who is\n logged into OTRS as an admin user cannot manipulate the URL to cause\n execution of JavaScript in the context of OTRS.\n\n - CVE-2018-19143: Fixed remote 
file deletion, that an attacker who is\n logged into OTRS as a user cannot manipulate the submission form to\n cause deletion of arbitrary files that the OTRS web server user has\n write access to.\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.0:\n\n zypper in -t patch openSUSE-2018-1503=1\n\n - openSUSE Backports SLE-15:\n\n zypper in -t patch openSUSE-2018-1503=1\");\n\n script_tag(name:\"affected\", value:\"otrs on openSUSE Leap 15.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.0\") {\n if(!isnull(res = isrpmvuln(pkg:\"otrs\", rpm:\"otrs~4.0.33~lp150.2.6.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"otrs-doc\", rpm:\"otrs-doc~4.0.33~lp150.2.6.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"otrs-itsm\", rpm:\"otrs-itsm~4.0.33~lp150.2.6.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "naslFamily": "SuSE Local Security Checks"}
{"cve": [{"lastseen": "2020-12-09T20:25:39", "description": "Open Ticket Request System (OTRS) 4.0.x before 4.0.33, 5.0.x before 5.0.31, and 6.0.x before 6.0.13 allows an authenticated user to delete files via a modified submission form because upload caching is mishandled.", "edition": 6, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 6.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-11-11T05:29:00", "title": "CVE-2018-19143", "type": "cve", "cwe": ["CWE-425"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.5, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-19143"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/o:debian:debian_linux:8.0"], "id": "CVE-2018-19143", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19143", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T20:25:39", "description": "Open Ticket Request System (OTRS) 4.0.x before 4.0.33 and 5.0.x before 5.0.31 allows an admin to conduct an XSS attack via a modified URL because user and customer preferences are mishandled.", "edition": 5, "cvss3": {"exploitabilityScore": 1.7, "cvssV3": {"baseSeverity": 
"MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 4.8, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 2.7}, "published": "2018-11-11T05:29:00", "title": "CVE-2018-19141", "type": "cve", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-19141"], "modified": "2018-12-12T18:59:00", "cpe": ["cpe:/o:debian:debian_linux:8.0"], "id": "CVE-2018-19141", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19141", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"]}], "debian": [{"lastseen": "2020-08-12T01:03:20", "bulletinFamily": "unix", "cvelist": ["CVE-2018-19143", "CVE-2018-19141"], "description": "Package : otrs2\nVersion : 3.3.18-1+deb8u7\nCVE ID : CVE-2018-19141 CVE-2018-19143\n\nTwo security vulnerabilities were discovered in OTRS, a Ticket Request\nSystem, that may lead to privilege escalation or arbitrary file write.\n\nCVE-2018-19141\n\n An attacker who is logged into OTRS as an admin user may manipulate\n the URL to cause execution of JavaScript in the context of OTRS.\n\nCVE-2018-19143\n\n An attacker who is logged into OTRS as a user may manipulate the\n submission form to cause deletion of arbitrary files that the OTRS\n web 
server user has write access to.\n\nPlease also read the upstream advisory for CVE-2018-19141. If you\nthink you might be affected then you should consider to run the\nmentioned clean-up SQL statements to remove possible affected records.\n\nhttps://community.otrs.com/security-advisory-2018-09-security-update-for-otrs-framework/\n\nFor Debian 8 "Jessie", these problems have been fixed in version\n3.3.18-1+deb8u7.\n\nWe recommend that you upgrade your otrs2 packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 9, "modified": "2018-11-23T19:31:54", "published": "2018-11-23T19:31:54", "id": "DEBIAN:DLA-1592-1:B0DCF", "href": "https://lists.debian.org/debian-lts-announce/2018/debian-lts-announce-201811/msg00028.html", "title": "[SECURITY] [DLA 1592-1] otrs2 security update", "type": "debian", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P"}}], "openvas": [{"lastseen": "2020-01-29T20:09:11", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-19143", "CVE-2018-19141"], "description": "Two security vulnerabilities were discovered in OTRS, a Ticket Request\nSystem, that may lead to privilege escalation or arbitrary file write.\n\nCVE-2018-19141\n\n An attacker who is logged into OTRS as an admin user may manipulate\n the URL to cause execution of JavaScript in the context of OTRS.\n\nCVE-2018-19143\n\n An attacker who is logged into OTRS as a user may manipulate the\n submission form to cause deletion of arbitrary files that the OTRS\n web server user has write access to.\n\nPlease also read the upstream advisory for CVE-2018-19141. 
If you\nthink you might be affected then you should consider to run the\nmentioned clean-up SQL statements to remove possible affected records.", "modified": "2020-01-29T00:00:00", "published": "2018-11-26T00:00:00", "id": "OPENVAS:1361412562310891592", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891592", "type": "openvas", "title": "Debian LTS: Security Advisory for otrs2 (DLA-1592-1)", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891592\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2018-19141\", \"CVE-2018-19143\");\n script_name(\"Debian LTS: Security Advisory for otrs2 (DLA-1592-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-11-26 00:00:00 +0100 (Mon, 26 Nov 2018)\");\n script_tag(name:\"cvss_base\", value:\"5.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://community.otrs.com/security-advisory-2018-09-security-update-for-otrs-framework/\");\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2018/11/msg00028.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n\n script_tag(name:\"affected\", value:\"otrs2 on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', these problems have been fixed in version\n3.3.18-1+deb8u7.\n\nWe recommend that you upgrade your otrs2 packages.\");\n\n script_tag(name:\"summary\", value:\"Two security vulnerabilities were discovered in OTRS, a Ticket Request\nSystem, that may lead to privilege escalation or arbitrary file write.\n\nCVE-2018-19141\n\n An attacker who 
is logged into OTRS as an admin user may manipulate\n the URL to cause execution of JavaScript in the context of OTRS.\n\nCVE-2018-19143\n\n An attacker who is logged into OTRS as a user may manipulate the\n submission form to cause deletion of arbitrary files that the OTRS\n web server user has write access to.\n\nPlease also read the upstream advisory for CVE-2018-19141. If you\nthink you might be affected then you should consider to run the\nmentioned clean-up SQL statements to remove possible affected records.\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"otrs\", ver:\"3.3.18-1+deb8u7\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"otrs2\", ver:\"3.3.18-1+deb8u7\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P"}}], "suse": [{"lastseen": "2018-12-08T03:29:34", "bulletinFamily": "unix", "cvelist": ["CVE-2018-19143", "CVE-2018-19141"], "description": "This update for otrs fixes the following issues:\n\n Update to version 4.0.33.\n\n Security issues fixed:\n\n - CVE-2018-19141: Fixed privilege escalation, that an attacker who is\n logged into OTRS as an admin user cannot manipulate the URL to cause\n execution of JavaScript in the context of OTRS.\n - CVE-2018-19143: Fixed remote file deletion, that an attacker who is\n logged into OTRS as a user cannot manipulate the submission form to\n cause deletion of arbitrary files that the OTRS web server user has\n write access to.\n\n Non-security issues fixed:\n\n - Full release notes can be found at:\n * <a rel=\"nofollow\" 
href=\"https://community.otrs.com/release-notes-otrs-4-patch-level-33/\">https://community.otrs.com/release-notes-otrs-4-patch-level-33/</a>\n\n", "edition": 1, "modified": "2018-12-08T00:23:24", "published": "2018-12-08T00:23:24", "id": "OPENSUSE-SU-2018:4046-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00017.html", "title": "Security update for otrs (moderate)", "type": "suse", "cvss": {"score": 0.0, "vector": "NONE"}}], "nessus": [{"lastseen": "2021-01-12T09:40:08", "description": "Two security vulnerabilities were discovered in OTRS, a Ticket Request\nSystem, that may lead to privilege escalation or arbitrary file write.\n\nCVE-2018-19141\n\nAn attacker who is logged into OTRS as an admin user may manipulate\nthe URL to cause execution of JavaScript in the context of OTRS.\n\nCVE-2018-19143\n\nAn attacker who is logged into OTRS as a user may manipulate the\nsubmission form to cause deletion of arbitrary files that the OTRS web\nserver user has write access to.\n\nPlease also read the upstream advisory for CVE-2018-19141. If you\nthink you might be affected then you should consider to run the\nmentioned clean-up SQL statements to remove possible affected records.\n\nhttps://community.otrs.com/security-advisory-2018-09-security-update-f\nor-otrs-framework/\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n3.3.18-1+deb8u7.\n\nWe recommend that you upgrade your otrs2 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. 
Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "edition": 20, "cvss3": {"score": 6.5, "vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"}, "published": "2018-11-26T00:00:00", "title": "Debian DLA-1592-1 : otrs2 security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-19143", "CVE-2018-19141"], "modified": "2018-11-26T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:otrs2", "cpe:/o:debian:debian_linux:8.0", "p-cpe:/a:debian:debian_linux:otrs"], "id": "DEBIAN_DLA-1592.NASL", "href": "https://www.tenable.com/plugins/nessus/119120", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1592-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(119120);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2018-19141\", \"CVE-2018-19143\");\n\n script_name(english:\"Debian DLA-1592-1 : otrs2 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Two security vulnerabilities were discovered in OTRS, a Ticket Request\nSystem, that may lead to privilege escalation or arbitrary file write.\n\nCVE-2018-19141\n\nAn attacker who is logged into OTRS as an admin user may manipulate\nthe URL to cause execution of JavaScript in the context of OTRS.\n\nCVE-2018-19143\n\nAn attacker who is logged into OTRS as a user may manipulate the\nsubmission form to cause deletion of arbitrary files that the OTRS web\nserver 
user has write access to.\n\nPlease also read the upstream advisory for CVE-2018-19141. If you\nthink you might be affected then you should consider to run the\nmentioned clean-up SQL statements to remove possible affected records.\n\nhttps://community.otrs.com/security-advisory-2018-09-security-update-f\nor-otrs-framework/\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n3.3.18-1+deb8u7.\n\nWe recommend that you upgrade your otrs2 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n # https://community.otrs.com/security-advisory-2018-09-security-update-for-otrs-framework/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6c3b34ef\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2018/11/msg00028.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/otrs2\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade the affected otrs, and otrs2 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:otrs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:otrs2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/11/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"otrs\", reference:\"3.3.18-1+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"otrs2\", reference:\"3.3.18-1+deb8u7\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P"}}, {"lastseen": "2020-09-23T16:49:48", "description": "This update for otrs fixes the following issues :\n\nUpdate to version 4.0.33.\n\nSecurity issues fixed :\n\n - CVE-2018-19141: Fixed privilege escalation, that an\n attacker who is logged into OTRS as an admin user cannot\n manipulate the URL to cause execution of JavaScript in\n the context of OTRS.\n\n - CVE-2018-19143: Fixed remote file deletion, that an\n attacker who is logged into OTRS as a user cannot\n manipulate the submission form to cause deletion of\n arbitrary files that the OTRS web server user has write\n access to.\n\nNon-security issues fixed :\n\n - Full release notes can be found at :\n\n - https://community.otrs.com/release-notes-otrs-4-patch-level-33/", "edition": 14, "cvss3": {"score": 6.5, "vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"}, "published": "2019-03-27T00:00:00", "title": "openSUSE Security Update 
: otrs (openSUSE-2019-973)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-19143", "CVE-2018-19141"], "modified": "2019-03-27T00:00:00", "cpe": ["cpe:/o:novell:opensuse:15.0", "p-cpe:/a:novell:opensuse:otrs-itsm", "p-cpe:/a:novell:opensuse:otrs"], "id": "OPENSUSE-2019-973.NASL", "href": "https://www.tenable.com/plugins/nessus/123396", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-973.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(123396);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/22\");\n\n script_cve_id(\"CVE-2018-19141\", \"CVE-2018-19143\");\n\n script_name(english:\"openSUSE Security Update : otrs (openSUSE-2019-973)\");\n script_summary(english:\"Check for the openSUSE-2019-973 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for otrs fixes the following issues :\n\nUpdate to version 4.0.33.\n\nSecurity issues fixed :\n\n - CVE-2018-19141: Fixed privilege escalation, that an\n attacker who is logged into OTRS as an admin user cannot\n manipulate the URL to cause execution of JavaScript in\n the context of OTRS.\n\n - CVE-2018-19143: Fixed remote file deletion, that an\n attacker who is logged into OTRS as a user cannot\n manipulate the submission form to cause deletion of\n arbitrary files that the OTRS web server user has write\n access to.\n\nNon-security issues fixed :\n\n - Full release notes can be found at :\n\n - https://community.otrs.com/release-notes-otrs-4-patch-level-33/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1115416\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://community.otrs.com/release-notes-otrs-4-patch-level-33/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected otrs packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:otrs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:otrs-itsm\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/11/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/03/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/03/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"otrs-4.0.33-lp150.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"otrs-itsm-4.0.33-lp150.2.6.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"otrs / otrs-itsm\");\n}\n", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P"}}, {"lastseen": "2020-06-05T11:17:46", "description": "This update for otrs fixes the following issues :\n\nUpdate to version 4.0.33.\n\nSecurity issues fixed :\n\n - CVE-2018-19141: Fixed privilege escalation, that an\n attacker who is logged into OTRS as an admin user cannot\n manipulate the URL to cause execution of JavaScript in\n the context of OTRS.\n\n - CVE-2018-19143: Fixed remote file deletion, that an\n attacker who is logged into OTRS as a user cannot\n manipulate the submission form to cause deletion of\n arbitrary files that the OTRS web server user has write\n access to.\n\nNon-security issues fixed :\n\n - Full release notes can be found at :\n\n - 
https://community.otrs.com/release-notes-otrs-4-patch-level-33/", "edition": 15, "cvss3": {"score": 6.5, "vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"}, "published": "2018-12-10T00:00:00", "title": "openSUSE Security Update : otrs (openSUSE-2018-1503)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-19143", "CVE-2018-19141"], "modified": "2018-12-10T00:00:00", "cpe": ["cpe:/o:novell:opensuse:15.0", "p-cpe:/a:novell:opensuse:otrs-itsm", "p-cpe:/a:novell:opensuse:otrs"], "id": "OPENSUSE-2018-1503.NASL", "href": "https://www.tenable.com/plugins/nessus/119539", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2018-1503.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(119539);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/04\");\n\n script_cve_id(\"CVE-2018-19141\", \"CVE-2018-19143\");\n\n script_name(english:\"openSUSE Security Update : otrs (openSUSE-2018-1503)\");\n script_summary(english:\"Check for the openSUSE-2018-1503 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for otrs fixes the following issues :\n\nUpdate to version 4.0.33.\n\nSecurity issues fixed :\n\n - CVE-2018-19141: Fixed privilege escalation, that an\n attacker who is logged into OTRS as an admin user cannot\n manipulate the URL to cause execution of JavaScript in\n the context of OTRS.\n\n - CVE-2018-19143: Fixed remote file deletion, that an\n attacker who is logged into OTRS as a user cannot\n manipulate the submission form to cause deletion of\n arbitrary files that the OTRS web server user has write\n access to.\n\nNon-security 
issues fixed :\n\n - Full release notes can be found at :\n\n - https://community.otrs.com/release-notes-otrs-4-patch-level-33/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1115416\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://community.otrs.com/release-notes-otrs-4-patch-level-33/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected otrs packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:otrs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:otrs-itsm\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/12/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/12/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"otrs-4.0.33-lp150.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"otrs-itsm-4.0.33-lp150.2.6.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"otrs / otrs-itsm\");\n}\n", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P"}}]}