Update Info

openSUSE-2019-973


Security update for otrs


Type: security
Severity: moderate
Issued: 2019-03-23
Description:
This update for otrs fixes the following issues:

Update to version 4.0.33.

Security issues fixed:

- CVE-2018-19141: Fixed privilege escalation, that an attacker who is logged into OTRS as an admin user cannot manipulate the URL to cause execution of JavaScript in the context of OTRS.
- CVE-2018-19143: Fixed remote file deletion, that an attacker who is logged into OTRS as a user cannot manipulate the submission form to cause deletion of arbitrary files that the OTRS web server user has write access to.

Non-security issues fixed:

- Full release notes can be found at:
  * https://community.otrs.com/release-notes-otrs-4-patch-level-33/


              

Packages


  • otrs-4.0.33-bp150.3.6.1