Описание
In Open Ticket Request System (OTRS) 3.3.x before 3.3.18, 4.x before 4.0.25, and 5.x before 5.0.23, remote authenticated users can leverage statistics-write permissions to gain privileges via code injection.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| otrs2 | fixed | 5.0.23-1 | package |
Примечания
https://github.com/OTRS/otrs/commit/a4093dc404fcbd87b235b31c72913141672f2a85 (rel-5_0)
https://github.com/OTRS/otrs/commit/00bcc89dc2443b5d8b34a0908e224373926aa618 (rel-5_0)
https://github.com/OTRS/otrs/commit/b69c2533c951fa72bfe238f255ce76352f054897 (rel-5_0)
https://github.com/OTRS/otrs/commit/b92ec17196ac3e1fdcab40fbb16dbb602d5d52b5 (rel-5_0)
https://github.com/OTRS/otrs/commit/3ccc426ec220267d0cac8e3fdc39015a3db7d720 (rel-3_3)
https://github.com/OTRS/otrs/commit/f27dc65e4a937ba832d60e212ce6c9e3a28e406b (rel-3_3)
https://github.com/OTRS/otrs/commit/454c50116c2bf82dcd9dfee9146a7416be686875 (rel-3_3)
https://github.com/OTRS/otrs/commit/5468720cc8225a85699b1977ff230adbf9f8362d (rel-3_3)
https://github.com/OTRS/otrs/commit/0583dfda7bc9c7d76457aad68083f4b28a288ce5 (rel-3_3)
https://www.otrs.com/security-advisory-2017-04-security-update-otrs-versions/
Связанные уязвимости
In Open Ticket Request System (OTRS) 3.3.x before 3.3.18, 4.x before 4.0.25, and 5.x before 5.0.23, remote authenticated users can leverage statistics-write permissions to gain privileges via code injection.
In Open Ticket Request System (OTRS) 3.3.x before 3.3.18, 4.x before 4.0.25, and 5.x before 5.0.23, remote authenticated users can leverage statistics-write permissions to gain privileges via code injection.
In Open Ticket Request System (OTRS) 3.3.x before 3.3.18, 4.x before 4.0.25, and 5.x before 5.0.23, remote authenticated users can leverage statistics-write permissions to gain privileges via code injection.