6 matches found
openSUSE Security Update : otrs (openSUSE-2019-973)
This update for otrs fixes the following issues : Update to version 4.0.33. Security issues fixed : - CVE-2018-19141: Fixed privilege escalation, that an attacker who is logged into OTRS as an admin user cannot manipulate the URL to cause execution of JavaScript in the context of OTRS. -...
openSUSE: Security Advisory for otrs (openSUSE-SU-2018:4046-1)
The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Debian DLA-1592-1 : otrs2 security update
Two security vulnerabilities were discovered in OTRS, a Ticket Request System, that may lead to privilege escalation or arbitrary file write. CVE-2018-19141 An attacker who is logged into OTRS as an admin user may manipulate the URL to cause execution of JavaScript in the context of OTRS...
Debian: Security Advisory (DLA-1592-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 1592-1] otrs2 security update
Package : otrs2 Version : 3.3.18-1+deb8u7 CVE ID : CVE-2018-19141 CVE-2018-19143 Two security vulnerabilities were discovered in OTRS, a Ticket Request System, that may lead to privilege escalation or arbitrary file write. CVE-2018-19141 An attacker who is logged into OTRS as an admin user may...
CVE-2018-19143
OTRS pre-4.0.33, pre-5.0.31, and pre-6.0.13 are affected by CVE-2018-19143. An authenticated user can delete arbitrary files via a tampered submission form due to improper upload caching. The issue is fixed in OTRS at least in 4.0.33, 5.0.31, and 6.0.13; upgrading to the respective patched releas...