[announce]New Security Updates for OTRS

Mon, 24 Jul 2023 01:23:27 -0700 


Security Advisories
Dear reader,

The following security fix/es was/were made:
OTRS Security Advisory 2023-04

ID: OSA-2023-04
Date: 2023-06-27
Title: Host header injection by attachments in web service
Severity: 6.3 MEDIUM
Product: ((OTRS)) Community Edition 6.0.x, OTRS 7.0.x, OTRS 8.0.x
Fixed in: OTRS 7.0.45, OTRS 8.0.35
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
References: CVE-2023-38060


OTRS Security Advisory 2023-05

ID: OSA-2023-05
Date: 2023-06-29
Title: Code execution via System Configuration
Severity: 7.2 HIGH
Product: ((OTRS)) Community Edition 6.0.x, OTRS 7.0.x, OTRS 8.0.x
Fixed in: OTRS 7.0.45, OTRS 8.0.35
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
References: CVE-2023-38056


OTRS Security Advisory 2023-06

ID: OSA-2023-06
Date: 2023-07-24
Title: Possible XSS stored in survey answers
Severity: 4.1 MEDIUM
Product: Survey 6.0.x, Survey 7.0.x, Survey 8.0.x
Fixed in: Survey 7.0.32, Survey 8.0.13
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N
References: CVE-2023-38057


OTRS Security Advisory 2023-07

ID: OSA-2023-07
Date: 2023-07-24
Title: Tickets can be moved without permission
Severity: 4.1 MEDIUM
Product: OTRS 8.0.x
Fixed in: OTRS 8.0.35
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N
References: CVE-2023-38058


To read the entire Security Advisory/Advisories, please follow this link:
https://otrs.com/overview-release-notes-security-advisories/security-advisories/
  
<https://pg183.keap-link011.com/v2/click/6fb2d7645c3a9007f68835596c8b836c/eJyNkEuLwkAQhP9LnxPjMya5iYiEuB7EPS9D0mhjnBl6OpEg-e87PvCk4LWq-iuqryColZa8ggzsYZRMIADGkiyhlqXRosq7mYynSTwLoCZ9WrNpLGTXd7cv_6am6Xw4DEA6iz6y3y2WRb5d_23ybeGjVrHv-IYzSifxOH6BVj-LfAN9_5GMZ5JV6-EOMuEGb5Mq8rPkl2ufP4pYl0WREXaD0pwj0yK3hJeQsUblMNRG0IUOy4ZJulBVLTnDhC56p_lKZS3q6vmwArtHcf8Po7x1tg==>
Kind regards, 
Your OTRS release team 
 
<https://pg183.keap-link011.com/v2/click/f77fb911440f3bedc8a2c68cc94b7550/eJyNj8EKgkAURf_lrSVRS2bciYiI5iJqHcM41JCOw_gMRPz3xgxXBW3fvfc8zgQoFFOY1xCBvnkkAAeM4FJLoTDpFDL-Dom_J-HBgUaqR2a6QUM0fdtu-XKlNKTEARy1sJXzKU6KvMquZV4VtqqZsT_-4Xg0CP1wA6XHOC9hnn-SRSsxfVp4DxGaQSxKtbRaeDGN7d8RdR-5boem3_Gudfkq6tot01qo-mNeiHElzC9-NF-_>
Subscribe to the OTRS Newsletter.

Read about OTRS service management solutions, product features, and interesting 
tips from our experts every month. Simply select your desired language.
German 
<https://pg183.keap-link011.com/v2/click/0f9a2178ada66f1328ad59b5045e6750/eJyNkEELgkAQhf_LnK1FK1FvIiKidYg6h7iDLdm67E6FiP-9taIuBd2GeW--4b0BCGUlKecQgWrcYAEOaKyFEigp6SRV9UMMvGXgrxxohTxlursoiIZvt2992oahH_oOUK_QWnbbOCnyTXYo801hrarS9sc_HDdc-N4HlK7jvIRx_EnGs6D0auEGItIXnCJxYWPRXrfWfyRSJmKsI23mdXdmHJnEm2mRCPVMYyOMHZhFVUqh5K8iCuyfwPEOVF9lqA==>
 
English 
<https://pg183.keap-link011.com/v2/click/05a1d2538d57ef52056db7deaf1a943d/eJyNkE8LgkAQxb_LnC3xT6LeQkRE8xB1DtHBlnRddsdCxO_eWuGpoNsw781veG8CQl5ySmsIQTSW74ABEismGHKKek5l9RJ92_W9nQEt47dE9oOAcPp2u-rLNgi8wDWARoHacjruoywtkkueFpm2ilLqH_9wrMDxbG8FxYd9msM8_yRjxyi-a7iCkOSAS6Sa6Vh0lq32X4mECk2zJ6m2Vd-ZHB-qRSKUG4kNU3owNacUAnn9aSHD8U2bnypxZK4=>
Spanish 
<https://pg183.keap-link011.com/v2/click/a023a9204849aa837b442c3134299286/eJyNkE8LgkAQxb_LnK0lLVFvIiKieYg6h-hgS7ouu2Mh4ndv-4Ongm7DvDe_4b0JCEUpKK0hANlsPAcsUFhxyVFQ1Asqq5fo2VvP3VnQcnFNVD9ICKZvt4v-3Pq-69sW0CjRWI6HMMrSIjnnaZEZqyyV-fEPZ-M7ru0uoHgfpjnM808ydpzim4FrCEgN-IxUcxOLTqo1_guR1AFjPSm9rvqOoWYC77pFIlQrhQ3XZmAGVUqJov4UkeH4Bs4PU9hlsw==>
 
Portuguese 
<https://pg183.keap-link011.com/v2/click/4a3696f7a45e3a5e5d7b60c4f8424c0a/eJyNkEELgkAQhf_LnK0tLVFvERJieYg6h-hgS7oOu1MR4n9vrfBU0G2Y9-Yb3uuAUeWKkxIioGoeeOCAxkKSRMXrVnFevMTAXQT-0oFaqstGt1eCqPt2O-rDNgz9cOYAPwit5bBfrdMk25y2SZZaK-Xa_viHMw893_VHULxbJVvo-59kbCTHNws3ELG-4hCplDYWH3Vt_WdmMpEQLWszLdpGEAuFd1MjM-qJxkoaOwiLyolQlZ8iUny8gf0TVHdlvQ==>
 <https://www.facebook.com/OTRSGroup/>  <https://twitter.com/otrsgroup>  
<https://www.linkedin.com/company/154779>  
<https://www.youtube.com/channel/UCHdOAyuwwkkk5ko_vy0X8_g>  
<https://www.instagram.com/otrs_group/>
Visit www.otrs.com 
<https://pg183.keap-link011.com/v2/click/2eecf811a3804f82cb625cb3c5079f9e/eJyNkMEKgkAQht9lzqKoZasQISIimoeos4gutaTrso6JiO_eWuGpoOv833zDPxMg5QXHuAIPxNUkNmggackEoxyDlmNRvkJibYiz1aBm_B7JthfgTd9213yZuq5DiAY4CqqQ88kPkjiL8jTOEoWKQqob_3hM13YsZxWFRz9OYZ5_mmnDMHwoeQceyp4ulSqmauFF1oq_IYrOM4xhGPQWZaeXbWMcemxyVu1Na2cqRyEE5dXnAwkd36b5CXZrYf8=>
 or contact us.  
<https://pg183.keap-link011.com/v2/click/bff39be1cc9150dee01368fba8cd980b/eJyNj8EKgkAURf_lraVBLRndiYgMmouodQw61JCOw_gMRPz3xozaFLR9997zOBOgUFwhqyECfXGpDw4YUUkthcKkU8irZ0i9LQ12DjRS3TLTDRqi6dv2nS_XMAxo4ACOWtjK8RAnOSuzc8HK3FY1N_bHPxw39APvA0r3MStgnn-SRSsxvVt4DxGaQSxKtbRaeDKN7V8RdR8R0qHpN1XXkmoVJXbLtRaqfpnnYlwJ8wN73l-8>
OTRS AG

Zimmersmühlenweg 11
61440 Oberursel 
Germany
+49 6172 681988 0

Attachment: smime.p7s
Description: S/MIME cryptographic signature

-- 
_______________________________________________
announce mailing list -- [email protected]
To unsubscribe send an email to [email protected]
To manage your subscription or browse the message archive visit:
  https://lists.otrs.org/postorius/lists/announce.lists.otrs.org/

Reply via email to