CVE-2019-10067
https://notcve.org/view.php?id=CVE-2019-10067
An issue was discovered in Open Ticket Request System (OTRS) 7.x through 7.0.6 and Community Edition 5.0.x through 5.0.35 and 6.0.x through 6.0.17. An attacker who is logged into OTRS as an agent user with appropriate permissions may manipulate the URL to cause execution of JavaScript in the context of OTRS. Se encontró un problema en Open Ticket Request System (OTRS) versión 7.x hasta 7.0.6 y en Community Edition versión versión 5.0.x hasta 5.0.35 y versión 6.0.x hasta 6.0.17. Un atacante logeado en OTRS como un agente de usuario con los permisos apropiados puede manipular la URL para provocar la ejecución de JavaScript en el contexto de OTRS. • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html https://community.otrs.com/security-advisory-2019-05-security-update-for-otrs-framework • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2019-9752
https://notcve.org/view.php?id=CVE-2019-9752
An issue was discovered in Open Ticket Request System (OTRS) 5.x before 5.0.34, 6.x before 6.0.16, and 7.x before 7.0.4. An attacker who is logged into OTRS as an agent or a customer user may upload a carefully crafted resource in order to cause execution of JavaScript in the context of OTRS. This is related to Content-type mishandling in Kernel/Modules/PictureUpload.pm. Se ha descubierto un problema en Open Ticket Request System (OTRS), en CVErsiones 5.x anteriores a la 5.0.34, CVErsiones 6.x anteriores a la 6.0.16 y CVErsiones 7.x anteriores a la 7.0.4. Un atacante que haya iniciado sesión en OTRS como usuario agente o cliente podría subir un recurso manipulado para provocar la ejecución de JavaScript en el contexto de OTRS. • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html https://community.otrs.com/security-advisory-2019-01-security-update-for-otrs-framework https://lists.debian.org/debian-lts-announce/2019/03/msg00023.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2018-20800
https://notcve.org/view.php?id=CVE-2018-20800
An issue was discovered in Open Ticket Request System (OTRS) 5.0.31 and 6.0.13. Users updating to 6.0.13 (also patchlevel updates) or 5.0.31 (only major updates) will experience data loss in their agent preferences table. Se ha descubierto un problema en Open Ticket Request System (OTRS), en sus CVErsiones 5.0.31 y 6.0.13. Los usuarios que actualicen a la CVErsión 6.0.13 (también actualizaciones a niCVEl de parche) o 5.0.31 (solo actualizaciones principales) experimentarán una pérdida de datos en su tabla de preferencias de agente. • https://community.otrs.com/security-advisory-2018-10-security-update-for-otrs-framework • CWE-20: Improper Input Validation •
CVE-2018-7567 – OTRS Command Injection
https://notcve.org/view.php?id=CVE-2018-7567
In the Admin Package Manager in Open Ticket Request System (OTRS) 5.0.0 through 5.0.24 and 6.0.0 through 6.0.1, authenticated admins are able to exploit a Blind Remote Code Execution vulnerability by loading a crafted opm file with an embedded CodeInstall element to execute a command on the server during package installation. NOTE: the vendor disputes this issue stating "the behaviour is as designed and needed for different packages to be installed", "there is a security warning if the package is not verified by OTRS Group", and "there is the possibility and responsibility of an admin to check packages before installation which is possible as they are not binary. ** EN DISPUTA ** En el Admin Package Manager en Open Ticket Request System (OTRS) 5.0.0 hasta 5.0.24 y 6.0.0 hasta 6.0.1, los administradores autenticados pueden explotar una vulnerabilidad de ejecución remota de código ciega cargando un archivo opm manipulado mediante un elemento CodeInstall para ejecutar un comando en el servidor mediante la instalación de paquetes. NOTA: el fabricante discute este problema argumentando que "el comportamiento se ha diseñado así y es necesario para que diferentes paquetes sean instalados", "hay una advertencia de seguridad si el paquete no está verificado por OTRS Group" y "es posible y la responsabilidad de un administrador comprobar los paquetes antes de instalarlos, lo que es posible porque no son binarios". OTRS versions 5.0.0 through 5.0.24 and 6.0.0 through 6.0.1 suffer from remote code execution vulnerabilities. • https://0day.today/exploit/29938 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2017-17476
https://notcve.org/view.php?id=CVE-2017-17476
Open Ticket Request System (OTRS) 4.0.x before 4.0.28, 5.0.x before 5.0.26, and 6.0.x before 6.0.3, when cookie support is disabled, might allow remote attackers to hijack web sessions and consequently gain privileges via a crafted email. Open Ticket Request System (OTRS) en versiones 4.0.x anteriores a la 4.0.28, 5.0.x anteriores a la 5.0.26 y 6.0.x anteriores a la 6.0.3, cuando el soporte de cookies está desactivado, podría permitir a los atacantes remotos secuestrar las sesiones web y ganar privilegios en consecuencia mediante un email manipulado. • https://github.com/OTRS/otrs/commit/26707eaaa791648e6c7ad6aeaa27efd70e7c66eb https://github.com/OTRS/otrs/commit/36e3be99cfe8a9e09afa1b75fdc39f3e28f561fc https://github.com/OTRS/otrs/commit/720c73fbf53e476ca7dfdf2ae1d4d3d2aad2b953 https://lists.debian.org/debian-lts-announce/2017/12/msg00018.html https://www.debian.org/security/2017/dsa-4069 https://www.otrs.com/security-advisory-2017-10-security-update-otrs-framework • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •