Search criteria
12 vulnerabilities found for open_ticket_request_system by otrs
CVE-2018-19143 (GCVE-0-2018-19143)
Vulnerability from nvd – Published: 2018-11-11 05:00 – Updated: 2024-08-05 11:30
VLAI
Summary
Open Ticket Request System (OTRS) 4.0.x before 4.0.33, 5.0.x before 5.0.31, and 6.0.x before 6.0.13 allows an authenticated user to delete files via a modified submission form because upload caching is mishandled.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://community.otrs.com/security-advisory-2018… | x_refsource_MISC |
| https://lists.debian.org/debian-lts-announce/2018… | mailing-listx_refsource_MLIST |
Date Public
2018-11-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:30:04.078Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://community.otrs.com/security-advisory-2018-07-security-update-for-otrs-framework/"
},
{
"name": "[debian-lts-announce] 20181123 [SECURITY] [DLA 1592-1] otrs2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00028.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-11-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Open Ticket Request System (OTRS) 4.0.x before 4.0.33, 5.0.x before 5.0.31, and 6.0.x before 6.0.13 allows an authenticated user to delete files via a modified submission form because upload caching is mishandled."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-24T10:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://community.otrs.com/security-advisory-2018-07-security-update-for-otrs-framework/"
},
{
"name": "[debian-lts-announce] 20181123 [SECURITY] [DLA 1592-1] otrs2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00028.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19143",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open Ticket Request System (OTRS) 4.0.x before 4.0.33, 5.0.x before 5.0.31, and 6.0.x before 6.0.13 allows an authenticated user to delete files via a modified submission form because upload caching is mishandled."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://community.otrs.com/security-advisory-2018-07-security-update-for-otrs-framework/",
"refsource": "MISC",
"url": "https://community.otrs.com/security-advisory-2018-07-security-update-for-otrs-framework/"
},
{
"name": "[debian-lts-announce] 20181123 [SECURITY] [DLA 1592-1] otrs2 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00028.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-19143",
"datePublished": "2018-11-11T05:00:00.000Z",
"dateReserved": "2018-11-09T00:00:00.000Z",
"dateUpdated": "2024-08-05T11:30:04.078Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-19142 (GCVE-0-2018-19142)
Vulnerability from nvd – Published: 2018-11-11 05:00 – Updated: 2024-08-05 11:30
VLAI
Summary
Open Ticket Request System (OTRS) 6.0.x before 6.0.13 allows an admin to conduct an XSS attack via a modified URL.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://community.otrs.com/security-advisory-2018… | x_refsource_MISC |
Date Public
2018-11-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:30:04.071Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://community.otrs.com/security-advisory-2018-08-security-update-for-otrs-framework/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-11-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Open Ticket Request System (OTRS) 6.0.x before 6.0.13 allows an admin to conduct an XSS attack via a modified URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-11T04:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://community.otrs.com/security-advisory-2018-08-security-update-for-otrs-framework/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19142",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open Ticket Request System (OTRS) 6.0.x before 6.0.13 allows an admin to conduct an XSS attack via a modified URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://community.otrs.com/security-advisory-2018-08-security-update-for-otrs-framework/",
"refsource": "MISC",
"url": "https://community.otrs.com/security-advisory-2018-08-security-update-for-otrs-framework/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-19142",
"datePublished": "2018-11-11T05:00:00.000Z",
"dateReserved": "2018-11-09T00:00:00.000Z",
"dateUpdated": "2024-08-05T11:30:04.071Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-19141 (GCVE-0-2018-19141)
Vulnerability from nvd – Published: 2018-11-11 05:00 – Updated: 2024-08-05 11:30
VLAI
Summary
Open Ticket Request System (OTRS) 4.0.x before 4.0.33 and 5.0.x before 5.0.31 allows an admin to conduct an XSS attack via a modified URL because user and customer preferences are mishandled.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://lists.debian.org/debian-lts-announce/2018… | mailing-listx_refsource_MLIST |
| https://community.otrs.com/security-advisory-2018… | x_refsource_MISC |
Date Public
2018-11-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:30:04.162Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[debian-lts-announce] 20181123 [SECURITY] [DLA 1592-1] otrs2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00028.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://community.otrs.com/security-advisory-2018-09-security-update-for-otrs-framework/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-11-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Open Ticket Request System (OTRS) 4.0.x before 4.0.33 and 5.0.x before 5.0.31 allows an admin to conduct an XSS attack via a modified URL because user and customer preferences are mishandled."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-24T10:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[debian-lts-announce] 20181123 [SECURITY] [DLA 1592-1] otrs2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00028.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://community.otrs.com/security-advisory-2018-09-security-update-for-otrs-framework/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19141",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open Ticket Request System (OTRS) 4.0.x before 4.0.33 and 5.0.x before 5.0.31 allows an admin to conduct an XSS attack via a modified URL because user and customer preferences are mishandled."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20181123 [SECURITY] [DLA 1592-1] otrs2 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00028.html"
},
{
"name": "https://community.otrs.com/security-advisory-2018-09-security-update-for-otrs-framework/",
"refsource": "MISC",
"url": "https://community.otrs.com/security-advisory-2018-09-security-update-for-otrs-framework/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-19141",
"datePublished": "2018-11-11T05:00:00.000Z",
"dateReserved": "2018-11-09T00:00:00.000Z",
"dateUpdated": "2024-08-05T11:30:04.162Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-16587 (GCVE-0-2018-16587)
Vulnerability from nvd – Published: 2018-09-28 00:00 – Updated: 2024-08-05 10:24
VLAI
Summary
In Open Ticket Request System (OTRS) 4.0.x before 4.0.32, 5.0.x before 5.0.30, and 6.0.x before 6.0.11, an attacker could send a malicious email to an OTRS system. If a user with admin permissions opens it, it causes deletions of arbitrary files that the OTRS web server user has write access to.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://github.com/OTRS/otrs/commit/d9db0c6a15caa… | x_refsource_CONFIRM |
| https://www.debian.org/security/2018/dsa-4317 | vendor-advisoryx_refsource_DEBIAN |
| https://lists.debian.org/debian-lts-announce/2018… | mailing-listx_refsource_MLIST |
| https://community.otrs.com/security-advisory-2018… | x_refsource_CONFIRM |
| https://github.com/OTRS/otrs/commit/a4a1a01f84fac… | x_refsource_CONFIRM |
| https://github.com/OTRS/otrs/commit/d8cae00b0f78c… | x_refsource_CONFIRM |
Date Public
2018-09-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:24:32.972Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/OTRS/otrs/commit/d9db0c6a15caafda7689320ecf61777993c33711"
},
{
"name": "DSA-4317",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4317"
},
{
"name": "[debian-lts-announce] 20180926 [SECURITY] [DLA 1521-1] otrs2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00033.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://community.otrs.com/security-advisory-2018-04-security-update-for-otrs-framework/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/OTRS/otrs/commit/a4a1a01f84fac7ab032570ee50b660e2ebb15c01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/OTRS/otrs/commit/d8cae00b0f78c2a07bb10cedb817304139395843"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-09-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In Open Ticket Request System (OTRS) 4.0.x before 4.0.32, 5.0.x before 5.0.30, and 6.0.x before 6.0.11, an attacker could send a malicious email to an OTRS system. If a user with admin permissions opens it, it causes deletions of arbitrary files that the OTRS web server user has write access to."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T09:57:02.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/OTRS/otrs/commit/d9db0c6a15caafda7689320ecf61777993c33711"
},
{
"name": "DSA-4317",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4317"
},
{
"name": "[debian-lts-announce] 20180926 [SECURITY] [DLA 1521-1] otrs2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00033.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://community.otrs.com/security-advisory-2018-04-security-update-for-otrs-framework/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/OTRS/otrs/commit/a4a1a01f84fac7ab032570ee50b660e2ebb15c01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/OTRS/otrs/commit/d8cae00b0f78c2a07bb10cedb817304139395843"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16587",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Open Ticket Request System (OTRS) 4.0.x before 4.0.32, 5.0.x before 5.0.30, and 6.0.x before 6.0.11, an attacker could send a malicious email to an OTRS system. If a user with admin permissions opens it, it causes deletions of arbitrary files that the OTRS web server user has write access to."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/OTRS/otrs/commit/d9db0c6a15caafda7689320ecf61777993c33711",
"refsource": "CONFIRM",
"url": "https://github.com/OTRS/otrs/commit/d9db0c6a15caafda7689320ecf61777993c33711"
},
{
"name": "DSA-4317",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4317"
},
{
"name": "[debian-lts-announce] 20180926 [SECURITY] [DLA 1521-1] otrs2 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00033.html"
},
{
"name": "https://community.otrs.com/security-advisory-2018-04-security-update-for-otrs-framework/",
"refsource": "CONFIRM",
"url": "https://community.otrs.com/security-advisory-2018-04-security-update-for-otrs-framework/"
},
{
"name": "https://github.com/OTRS/otrs/commit/a4a1a01f84fac7ab032570ee50b660e2ebb15c01",
"refsource": "CONFIRM",
"url": "https://github.com/OTRS/otrs/commit/a4a1a01f84fac7ab032570ee50b660e2ebb15c01"
},
{
"name": "https://github.com/OTRS/otrs/commit/d8cae00b0f78c2a07bb10cedb817304139395843",
"refsource": "CONFIRM",
"url": "https://github.com/OTRS/otrs/commit/d8cae00b0f78c2a07bb10cedb817304139395843"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-16587",
"datePublished": "2018-09-28T00:00:00.000Z",
"dateReserved": "2018-09-06T00:00:00.000Z",
"dateUpdated": "2024-08-05T10:24:32.972Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-16586 (GCVE-0-2018-16586)
Vulnerability from nvd – Published: 2018-09-28 00:00 – Updated: 2024-08-05 10:24
VLAI
Summary
In Open Ticket Request System (OTRS) 4.0.x before 4.0.32, 5.0.x before 5.0.30, and 6.0.x before 6.0.11, an attacker could send a malicious email to an OTRS system. If a logged in user opens it, the email could cause the browser to load external image or CSS resources.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://community.otrs.com/security-advisory-2018… | x_refsource_CONFIRM |
| https://www.debian.org/security/2018/dsa-4317 | vendor-advisoryx_refsource_DEBIAN |
| https://lists.debian.org/debian-lts-announce/2018… | mailing-listx_refsource_MLIST |
| https://github.com/OTRS/otrs/commit/baa92df09145b… | x_refsource_CONFIRM |
| https://github.com/OTRS/otrs/commit/a808859a75c59… | x_refsource_CONFIRM |
| https://github.com/OTRS/otrs/commit/09e80c7752b0d… | x_refsource_CONFIRM |
Date Public
2018-09-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:24:32.876Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://community.otrs.com/security-advisory-2018-05-security-update-for-otrs-framework/"
},
{
"name": "DSA-4317",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4317"
},
{
"name": "[debian-lts-announce] 20180926 [SECURITY] [DLA 1521-1] otrs2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00033.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/OTRS/otrs/commit/baa92df09145b8ae2702a3a0e85d8ba55ec96302"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/OTRS/otrs/commit/a808859a75c59ae3b7568f5cc4708c53462aa4c7"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/OTRS/otrs/commit/09e80c7752b0d9080688e4597c7495dd109e0963"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-09-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In Open Ticket Request System (OTRS) 4.0.x before 4.0.32, 5.0.x before 5.0.30, and 6.0.x before 6.0.11, an attacker could send a malicious email to an OTRS system. If a logged in user opens it, the email could cause the browser to load external image or CSS resources."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T09:57:02.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://community.otrs.com/security-advisory-2018-05-security-update-for-otrs-framework/"
},
{
"name": "DSA-4317",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4317"
},
{
"name": "[debian-lts-announce] 20180926 [SECURITY] [DLA 1521-1] otrs2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00033.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/OTRS/otrs/commit/baa92df09145b8ae2702a3a0e85d8ba55ec96302"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/OTRS/otrs/commit/a808859a75c59ae3b7568f5cc4708c53462aa4c7"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/OTRS/otrs/commit/09e80c7752b0d9080688e4597c7495dd109e0963"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16586",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Open Ticket Request System (OTRS) 4.0.x before 4.0.32, 5.0.x before 5.0.30, and 6.0.x before 6.0.11, an attacker could send a malicious email to an OTRS system. If a logged in user opens it, the email could cause the browser to load external image or CSS resources."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://community.otrs.com/security-advisory-2018-05-security-update-for-otrs-framework/",
"refsource": "CONFIRM",
"url": "https://community.otrs.com/security-advisory-2018-05-security-update-for-otrs-framework/"
},
{
"name": "DSA-4317",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4317"
},
{
"name": "[debian-lts-announce] 20180926 [SECURITY] [DLA 1521-1] otrs2 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00033.html"
},
{
"name": "https://github.com/OTRS/otrs/commit/baa92df09145b8ae2702a3a0e85d8ba55ec96302",
"refsource": "CONFIRM",
"url": "https://github.com/OTRS/otrs/commit/baa92df09145b8ae2702a3a0e85d8ba55ec96302"
},
{
"name": "https://github.com/OTRS/otrs/commit/a808859a75c59ae3b7568f5cc4708c53462aa4c7",
"refsource": "CONFIRM",
"url": "https://github.com/OTRS/otrs/commit/a808859a75c59ae3b7568f5cc4708c53462aa4c7"
},
{
"name": "https://github.com/OTRS/otrs/commit/09e80c7752b0d9080688e4597c7495dd109e0963",
"refsource": "CONFIRM",
"url": "https://github.com/OTRS/otrs/commit/09e80c7752b0d9080688e4597c7495dd109e0963"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-16586",
"datePublished": "2018-09-28T00:00:00.000Z",
"dateReserved": "2018-09-06T00:00:00.000Z",
"dateUpdated": "2024-08-05T10:24:32.876Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-14593 (GCVE-0-2018-14593)
Vulnerability from nvd – Published: 2018-08-03 16:00 – Updated: 2024-08-05 09:29
VLAI
Summary
An issue was discovered in Open Ticket Request System (OTRS) 6.0.x through 6.0.9, 5.0.x through 5.0.28, and 4.0.x through 4.0.30. An attacker who is logged into OTRS as an agent may escalate their privileges by accessing a specially crafted URL.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.debian.org/security/2018/dsa-4317 | vendor-advisoryx_refsource_DEBIAN |
| https://lists.debian.org/debian-lts-announce/2018… | mailing-listx_refsource_MLIST |
| https://community.otrs.com/security-advisory-2018… | x_refsource_CONFIRM |
Date Public
2018-07-31 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:29:51.691Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-4317",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4317"
},
{
"name": "[debian-lts-announce] 20180821 [SECURITY] [DLA 1473-1] otrs2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00021.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://community.otrs.com/security-advisory-2018-03-security-update-for-otrs-framework/?lang=de"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-07-31T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Open Ticket Request System (OTRS) 6.0.x through 6.0.9, 5.0.x through 5.0.28, and 4.0.x through 4.0.30. An attacker who is logged into OTRS as an agent may escalate their privileges by accessing a specially crafted URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T09:57:02.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-4317",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4317"
},
{
"name": "[debian-lts-announce] 20180821 [SECURITY] [DLA 1473-1] otrs2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00021.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://community.otrs.com/security-advisory-2018-03-security-update-for-otrs-framework/?lang=de"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14593",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Open Ticket Request System (OTRS) 6.0.x through 6.0.9, 5.0.x through 5.0.28, and 4.0.x through 4.0.30. An attacker who is logged into OTRS as an agent may escalate their privileges by accessing a specially crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-4317",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4317"
},
{
"name": "[debian-lts-announce] 20180821 [SECURITY] [DLA 1473-1] otrs2 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00021.html"
},
{
"name": "https://community.otrs.com/security-advisory-2018-03-security-update-for-otrs-framework/?lang=de",
"refsource": "CONFIRM",
"url": "https://community.otrs.com/security-advisory-2018-03-security-update-for-otrs-framework/?lang=de"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-14593",
"datePublished": "2018-08-03T16:00:00.000Z",
"dateReserved": "2018-07-24T00:00:00.000Z",
"dateUpdated": "2024-08-05T09:29:51.691Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-19142 (GCVE-0-2018-19142)
Vulnerability from cvelistv5 – Published: 2018-11-11 05:00 – Updated: 2024-08-05 11:30
VLAI
Summary
Open Ticket Request System (OTRS) 6.0.x before 6.0.13 allows an admin to conduct an XSS attack via a modified URL.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://community.otrs.com/security-advisory-2018… | x_refsource_MISC |
Date Public
2018-11-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:30:04.071Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://community.otrs.com/security-advisory-2018-08-security-update-for-otrs-framework/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-11-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Open Ticket Request System (OTRS) 6.0.x before 6.0.13 allows an admin to conduct an XSS attack via a modified URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-11T04:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://community.otrs.com/security-advisory-2018-08-security-update-for-otrs-framework/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19142",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open Ticket Request System (OTRS) 6.0.x before 6.0.13 allows an admin to conduct an XSS attack via a modified URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://community.otrs.com/security-advisory-2018-08-security-update-for-otrs-framework/",
"refsource": "MISC",
"url": "https://community.otrs.com/security-advisory-2018-08-security-update-for-otrs-framework/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-19142",
"datePublished": "2018-11-11T05:00:00.000Z",
"dateReserved": "2018-11-09T00:00:00.000Z",
"dateUpdated": "2024-08-05T11:30:04.071Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-19141 (GCVE-0-2018-19141)
Vulnerability from cvelistv5 – Published: 2018-11-11 05:00 – Updated: 2024-08-05 11:30
VLAI
Summary
Open Ticket Request System (OTRS) 4.0.x before 4.0.33 and 5.0.x before 5.0.31 allows an admin to conduct an XSS attack via a modified URL because user and customer preferences are mishandled.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://lists.debian.org/debian-lts-announce/2018… | mailing-listx_refsource_MLIST |
| https://community.otrs.com/security-advisory-2018… | x_refsource_MISC |
Date Public
2018-11-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:30:04.162Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[debian-lts-announce] 20181123 [SECURITY] [DLA 1592-1] otrs2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00028.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://community.otrs.com/security-advisory-2018-09-security-update-for-otrs-framework/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-11-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Open Ticket Request System (OTRS) 4.0.x before 4.0.33 and 5.0.x before 5.0.31 allows an admin to conduct an XSS attack via a modified URL because user and customer preferences are mishandled."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-24T10:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[debian-lts-announce] 20181123 [SECURITY] [DLA 1592-1] otrs2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00028.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://community.otrs.com/security-advisory-2018-09-security-update-for-otrs-framework/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19141",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open Ticket Request System (OTRS) 4.0.x before 4.0.33 and 5.0.x before 5.0.31 allows an admin to conduct an XSS attack via a modified URL because user and customer preferences are mishandled."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20181123 [SECURITY] [DLA 1592-1] otrs2 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00028.html"
},
{
"name": "https://community.otrs.com/security-advisory-2018-09-security-update-for-otrs-framework/",
"refsource": "MISC",
"url": "https://community.otrs.com/security-advisory-2018-09-security-update-for-otrs-framework/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-19141",
"datePublished": "2018-11-11T05:00:00.000Z",
"dateReserved": "2018-11-09T00:00:00.000Z",
"dateUpdated": "2024-08-05T11:30:04.162Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-19143 (GCVE-0-2018-19143)
Vulnerability from cvelistv5 – Published: 2018-11-11 05:00 – Updated: 2024-08-05 11:30
VLAI
Summary
Open Ticket Request System (OTRS) 4.0.x before 4.0.33, 5.0.x before 5.0.31, and 6.0.x before 6.0.13 allows an authenticated user to delete files via a modified submission form because upload caching is mishandled.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://community.otrs.com/security-advisory-2018… | x_refsource_MISC |
| https://lists.debian.org/debian-lts-announce/2018… | mailing-listx_refsource_MLIST |
Date Public
2018-11-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:30:04.078Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://community.otrs.com/security-advisory-2018-07-security-update-for-otrs-framework/"
},
{
"name": "[debian-lts-announce] 20181123 [SECURITY] [DLA 1592-1] otrs2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00028.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-11-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Open Ticket Request System (OTRS) 4.0.x before 4.0.33, 5.0.x before 5.0.31, and 6.0.x before 6.0.13 allows an authenticated user to delete files via a modified submission form because upload caching is mishandled."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-24T10:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://community.otrs.com/security-advisory-2018-07-security-update-for-otrs-framework/"
},
{
"name": "[debian-lts-announce] 20181123 [SECURITY] [DLA 1592-1] otrs2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00028.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19143",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open Ticket Request System (OTRS) 4.0.x before 4.0.33, 5.0.x before 5.0.31, and 6.0.x before 6.0.13 allows an authenticated user to delete files via a modified submission form because upload caching is mishandled."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://community.otrs.com/security-advisory-2018-07-security-update-for-otrs-framework/",
"refsource": "MISC",
"url": "https://community.otrs.com/security-advisory-2018-07-security-update-for-otrs-framework/"
},
{
"name": "[debian-lts-announce] 20181123 [SECURITY] [DLA 1592-1] otrs2 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00028.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-19143",
"datePublished": "2018-11-11T05:00:00.000Z",
"dateReserved": "2018-11-09T00:00:00.000Z",
"dateUpdated": "2024-08-05T11:30:04.078Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-16586 (GCVE-0-2018-16586)
Vulnerability from cvelistv5 – Published: 2018-09-28 00:00 – Updated: 2024-08-05 10:24
VLAI
Summary
In Open Ticket Request System (OTRS) 4.0.x before 4.0.32, 5.0.x before 5.0.30, and 6.0.x before 6.0.11, an attacker could send a malicious email to an OTRS system. If a logged in user opens it, the email could cause the browser to load external image or CSS resources.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://community.otrs.com/security-advisory-2018… | x_refsource_CONFIRM |
| https://www.debian.org/security/2018/dsa-4317 | vendor-advisoryx_refsource_DEBIAN |
| https://lists.debian.org/debian-lts-announce/2018… | mailing-listx_refsource_MLIST |
| https://github.com/OTRS/otrs/commit/baa92df09145b… | x_refsource_CONFIRM |
| https://github.com/OTRS/otrs/commit/a808859a75c59… | x_refsource_CONFIRM |
| https://github.com/OTRS/otrs/commit/09e80c7752b0d… | x_refsource_CONFIRM |
Date Public
2018-09-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:24:32.876Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://community.otrs.com/security-advisory-2018-05-security-update-for-otrs-framework/"
},
{
"name": "DSA-4317",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4317"
},
{
"name": "[debian-lts-announce] 20180926 [SECURITY] [DLA 1521-1] otrs2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00033.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/OTRS/otrs/commit/baa92df09145b8ae2702a3a0e85d8ba55ec96302"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/OTRS/otrs/commit/a808859a75c59ae3b7568f5cc4708c53462aa4c7"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/OTRS/otrs/commit/09e80c7752b0d9080688e4597c7495dd109e0963"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-09-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In Open Ticket Request System (OTRS) 4.0.x before 4.0.32, 5.0.x before 5.0.30, and 6.0.x before 6.0.11, an attacker could send a malicious email to an OTRS system. If a logged in user opens it, the email could cause the browser to load external image or CSS resources."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T09:57:02.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://community.otrs.com/security-advisory-2018-05-security-update-for-otrs-framework/"
},
{
"name": "DSA-4317",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4317"
},
{
"name": "[debian-lts-announce] 20180926 [SECURITY] [DLA 1521-1] otrs2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00033.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/OTRS/otrs/commit/baa92df09145b8ae2702a3a0e85d8ba55ec96302"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/OTRS/otrs/commit/a808859a75c59ae3b7568f5cc4708c53462aa4c7"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/OTRS/otrs/commit/09e80c7752b0d9080688e4597c7495dd109e0963"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16586",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Open Ticket Request System (OTRS) 4.0.x before 4.0.32, 5.0.x before 5.0.30, and 6.0.x before 6.0.11, an attacker could send a malicious email to an OTRS system. If a logged in user opens it, the email could cause the browser to load external image or CSS resources."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://community.otrs.com/security-advisory-2018-05-security-update-for-otrs-framework/",
"refsource": "CONFIRM",
"url": "https://community.otrs.com/security-advisory-2018-05-security-update-for-otrs-framework/"
},
{
"name": "DSA-4317",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4317"
},
{
"name": "[debian-lts-announce] 20180926 [SECURITY] [DLA 1521-1] otrs2 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00033.html"
},
{
"name": "https://github.com/OTRS/otrs/commit/baa92df09145b8ae2702a3a0e85d8ba55ec96302",
"refsource": "CONFIRM",
"url": "https://github.com/OTRS/otrs/commit/baa92df09145b8ae2702a3a0e85d8ba55ec96302"
},
{
"name": "https://github.com/OTRS/otrs/commit/a808859a75c59ae3b7568f5cc4708c53462aa4c7",
"refsource": "CONFIRM",
"url": "https://github.com/OTRS/otrs/commit/a808859a75c59ae3b7568f5cc4708c53462aa4c7"
},
{
"name": "https://github.com/OTRS/otrs/commit/09e80c7752b0d9080688e4597c7495dd109e0963",
"refsource": "CONFIRM",
"url": "https://github.com/OTRS/otrs/commit/09e80c7752b0d9080688e4597c7495dd109e0963"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-16586",
"datePublished": "2018-09-28T00:00:00.000Z",
"dateReserved": "2018-09-06T00:00:00.000Z",
"dateUpdated": "2024-08-05T10:24:32.876Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-16587 (GCVE-0-2018-16587)
Vulnerability from cvelistv5 – Published: 2018-09-28 00:00 – Updated: 2024-08-05 10:24
VLAI
Summary
In Open Ticket Request System (OTRS) 4.0.x before 4.0.32, 5.0.x before 5.0.30, and 6.0.x before 6.0.11, an attacker could send a malicious email to an OTRS system. If a user with admin permissions opens it, it causes deletions of arbitrary files that the OTRS web server user has write access to.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://github.com/OTRS/otrs/commit/d9db0c6a15caa… | x_refsource_CONFIRM |
| https://www.debian.org/security/2018/dsa-4317 | vendor-advisoryx_refsource_DEBIAN |
| https://lists.debian.org/debian-lts-announce/2018… | mailing-listx_refsource_MLIST |
| https://community.otrs.com/security-advisory-2018… | x_refsource_CONFIRM |
| https://github.com/OTRS/otrs/commit/a4a1a01f84fac… | x_refsource_CONFIRM |
| https://github.com/OTRS/otrs/commit/d8cae00b0f78c… | x_refsource_CONFIRM |
Date Public
2018-09-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:24:32.972Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/OTRS/otrs/commit/d9db0c6a15caafda7689320ecf61777993c33711"
},
{
"name": "DSA-4317",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4317"
},
{
"name": "[debian-lts-announce] 20180926 [SECURITY] [DLA 1521-1] otrs2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00033.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://community.otrs.com/security-advisory-2018-04-security-update-for-otrs-framework/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/OTRS/otrs/commit/a4a1a01f84fac7ab032570ee50b660e2ebb15c01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/OTRS/otrs/commit/d8cae00b0f78c2a07bb10cedb817304139395843"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-09-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In Open Ticket Request System (OTRS) 4.0.x before 4.0.32, 5.0.x before 5.0.30, and 6.0.x before 6.0.11, an attacker could send a malicious email to an OTRS system. If a user with admin permissions opens it, it causes deletions of arbitrary files that the OTRS web server user has write access to."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T09:57:02.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/OTRS/otrs/commit/d9db0c6a15caafda7689320ecf61777993c33711"
},
{
"name": "DSA-4317",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4317"
},
{
"name": "[debian-lts-announce] 20180926 [SECURITY] [DLA 1521-1] otrs2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00033.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://community.otrs.com/security-advisory-2018-04-security-update-for-otrs-framework/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/OTRS/otrs/commit/a4a1a01f84fac7ab032570ee50b660e2ebb15c01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/OTRS/otrs/commit/d8cae00b0f78c2a07bb10cedb817304139395843"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16587",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Open Ticket Request System (OTRS) 4.0.x before 4.0.32, 5.0.x before 5.0.30, and 6.0.x before 6.0.11, an attacker could send a malicious email to an OTRS system. If a user with admin permissions opens it, it causes deletions of arbitrary files that the OTRS web server user has write access to."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/OTRS/otrs/commit/d9db0c6a15caafda7689320ecf61777993c33711",
"refsource": "CONFIRM",
"url": "https://github.com/OTRS/otrs/commit/d9db0c6a15caafda7689320ecf61777993c33711"
},
{
"name": "DSA-4317",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4317"
},
{
"name": "[debian-lts-announce] 20180926 [SECURITY] [DLA 1521-1] otrs2 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00033.html"
},
{
"name": "https://community.otrs.com/security-advisory-2018-04-security-update-for-otrs-framework/",
"refsource": "CONFIRM",
"url": "https://community.otrs.com/security-advisory-2018-04-security-update-for-otrs-framework/"
},
{
"name": "https://github.com/OTRS/otrs/commit/a4a1a01f84fac7ab032570ee50b660e2ebb15c01",
"refsource": "CONFIRM",
"url": "https://github.com/OTRS/otrs/commit/a4a1a01f84fac7ab032570ee50b660e2ebb15c01"
},
{
"name": "https://github.com/OTRS/otrs/commit/d8cae00b0f78c2a07bb10cedb817304139395843",
"refsource": "CONFIRM",
"url": "https://github.com/OTRS/otrs/commit/d8cae00b0f78c2a07bb10cedb817304139395843"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-16587",
"datePublished": "2018-09-28T00:00:00.000Z",
"dateReserved": "2018-09-06T00:00:00.000Z",
"dateUpdated": "2024-08-05T10:24:32.972Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-14593 (GCVE-0-2018-14593)
Vulnerability from cvelistv5 – Published: 2018-08-03 16:00 – Updated: 2024-08-05 09:29
VLAI
Summary
An issue was discovered in Open Ticket Request System (OTRS) 6.0.x through 6.0.9, 5.0.x through 5.0.28, and 4.0.x through 4.0.30. An attacker who is logged into OTRS as an agent may escalate their privileges by accessing a specially crafted URL.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.debian.org/security/2018/dsa-4317 | vendor-advisoryx_refsource_DEBIAN |
| https://lists.debian.org/debian-lts-announce/2018… | mailing-listx_refsource_MLIST |
| https://community.otrs.com/security-advisory-2018… | x_refsource_CONFIRM |
Date Public
2018-07-31 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:29:51.691Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-4317",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4317"
},
{
"name": "[debian-lts-announce] 20180821 [SECURITY] [DLA 1473-1] otrs2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00021.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://community.otrs.com/security-advisory-2018-03-security-update-for-otrs-framework/?lang=de"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-07-31T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Open Ticket Request System (OTRS) 6.0.x through 6.0.9, 5.0.x through 5.0.28, and 4.0.x through 4.0.30. An attacker who is logged into OTRS as an agent may escalate their privileges by accessing a specially crafted URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T09:57:02.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-4317",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4317"
},
{
"name": "[debian-lts-announce] 20180821 [SECURITY] [DLA 1473-1] otrs2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00021.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://community.otrs.com/security-advisory-2018-03-security-update-for-otrs-framework/?lang=de"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14593",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Open Ticket Request System (OTRS) 6.0.x through 6.0.9, 5.0.x through 5.0.28, and 4.0.x through 4.0.30. An attacker who is logged into OTRS as an agent may escalate their privileges by accessing a specially crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-4317",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4317"
},
{
"name": "[debian-lts-announce] 20180821 [SECURITY] [DLA 1473-1] otrs2 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00021.html"
},
{
"name": "https://community.otrs.com/security-advisory-2018-03-security-update-for-otrs-framework/?lang=de",
"refsource": "CONFIRM",
"url": "https://community.otrs.com/security-advisory-2018-03-security-update-for-otrs-framework/?lang=de"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-14593",
"datePublished": "2018-08-03T16:00:00.000Z",
"dateReserved": "2018-07-24T00:00:00.000Z",
"dateUpdated": "2024-08-05T09:29:51.691Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}