SUSE Package Hub - openSUSE-2019-973

Update Info

openSUSE-2019-973

Security update for otrs

Type: security

Severity: moderate

Issued: 2019-03-23

Description:

This update for otrs fixes the following issues:

Update to version 4.0.33.

Security issues fixed:

- CVE-2018-19141: Fixed privilege escalation, that an attacker who is logged into OTRS as an admin user cannot manipulate the URL to cause execution of JavaScript in the context of OTRS.
- CVE-2018-19143: Fixed remote file deletion, that an attacker who is logged into OTRS as a user cannot manipulate the submission form to cause deletion of arbitrary files that the OTRS web server user has write access to.

Non-security issues fixed:

- Full release notes can be found at:
  * https://community.otrs.com/release-notes-otrs-4-patch-level-33/

References

CVE: CVE-2018-19143
CVE: CVE-2018-19141
Bugzilla: 1115416 VUL-0: otrs: Security Advisory 2018-09

Packages

otrs-4.0.33-bp150.3.6.1