Description
Security update for otrs
This update for otrs fixes the following issues:
Update to version 4.0.33.
Security issues fixed:
- CVE-2018-19141: Fixed a privilege escalation in which an attacker logged into OTRS as an admin user could manipulate the URL to cause execution of JavaScript in the context of OTRS.
- CVE-2018-19143: Fixed a remote file deletion in which an attacker logged into OTRS as a user could manipulate the submission form to cause deletion of arbitrary files that the OTRS web server user has write access to.
Non-security issues fixed:
- Full release notes can be found at:
Package list
SUSE Package Hub for SUSE Linux Enterprise 15
otrs-4.0.33-bp150.3.6.1
otrs-doc-4.0.33-bp150.3.6.1
otrs-itsm-4.0.33-bp150.3.6.1
References
- E-Mail link for openSUSE-SU-2018:4046-1
- SUSE Security Ratings
Description
Open Ticket Request System (OTRS) 4.0.x before 4.0.33 and 5.0.x before 5.0.31 allows an admin to conduct an XSS attack via a modified URL because user and customer preferences are mishandled.
Affected products
SUSE Package Hub for SUSE Linux Enterprise 15:otrs-4.0.33-bp150.3.6.1
SUSE Package Hub for SUSE Linux Enterprise 15:otrs-doc-4.0.33-bp150.3.6.1
SUSE Package Hub for SUSE Linux Enterprise 15:otrs-itsm-4.0.33-bp150.3.6.1
References
- CVE-2018-19141
- SUSE Bug 1115416
Description
Open Ticket Request System (OTRS) 4.0.x before 4.0.33, 5.0.x before 5.0.31, and 6.0.x before 6.0.13 allows an authenticated user to delete files via a modified submission form because upload caching is mishandled.
Affected products
SUSE Package Hub for SUSE Linux Enterprise 15:otrs-4.0.33-bp150.3.6.1
SUSE Package Hub for SUSE Linux Enterprise 15:otrs-doc-4.0.33-bp150.3.6.1
SUSE Package Hub for SUSE Linux Enterprise 15:otrs-itsm-4.0.33-bp150.3.6.1
References
- CVE-2018-19143
- SUSE Bug 1115416