[announce]New Security Updates for OTRS

2024-01-29 Thread Melanie Krueger



Security Advisories
 
Dear reader,
 
The following security fixes were made:
 
OTRS Security Advisory 2024-01
 
ID: OSA-2024-01
Date: 2024-01-29
Title: Missing file type check in avatar picture upload
Severity: 3.5 LOW
Product: OTRS 7.0.x, OTRS
Fixed in: OTRS 7.0.49, OTRS 2024.1.1
FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
References: CVE-2024-23790
 
OTRS Security Advisory 2024-02
 
ID: OSA-2024-02
Date: 2024-01-29
Title: Unnecessary data is written to log if issues during indexing occurs
Severity: 4.9 MEDIUM
Product: OTRS 7.0.x, OTRS
Fixed in: OTRS 7.0.49, OTRS 2024.1.1
FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
References: CVE-2024-23791
 
OTRS Security Advisory 2024-03
 
ID: OSA-2024-03
Date: 2024-01-29
Title: Insufficient access control
Severity: 5.3 MEDIUM
Product: OTRS 7.0.x, OTRS
Fixed in: OTRS 7.0.49, OTRS 2024.1.1
FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
References: CVE-2024-23792
 
OTRS Security Advisory 2024-04
 
ID: OSA-2024-04
Date: 2024-01-29
Title: A cross-site scripting (XSS) vulnerability in the HTML Data Processor in CKEditor
Severity: 6.1 MEDIUM
Product: OTRS 7.0.x, OTRS
Fixed in: OTRS 7.0.49, OTRS 2024.1.1, OTRSAdvancedEditor 7.0.33, OTRSAdvancedEditor 2024.1.1
FULL CVSS v3.1 VECTOR: OTRSAdvancedEditor 2024.1.1
References: CVE-2021-33829
 
To read the entire Security Advisory/Advisories, please follow this link:
https://otrs.com/otrs-software-solutions/otrs/overview-release-notes-security-advisories/security-advisories/
 

 
Kind regards,
Your OTRS release team
 

 
Subscribe to the OTRS Newsletter.
Read about OTRS service management solutions, product features, and interesting 
tips from our experts every month. Simply select your desired language.
German, Spanish, English, Portuguese

[announce]New Security Updates for OTRS

2023-11-27 Thread Melanie Krueger


Security Advisories
Dear reader,

The following security fix/es was/were made:
OTRS Security Advisory 2023-11

ID: OSA-2023-11
Date: 2023-11-07
Title: Password is sent back to client
Severity: 8.1 HIGH
Product: OTRS 8.0.x
Fixed in: OTRS 2023.1.1
FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
References: CVE-2023-6254

To read the entire Security Advisory/Advisories, please follow this link:
https://otrs.com/otrs-software-solutions/otrs/overview-release-notes-security-advisories/release-notes/
Kind regards, 
Your OTRS release team 
  
Visit www.otrs.com or contact us.

OTRS AG

Zimmersmühlenweg 11
61440 Oberursel 
Germany
+49 6172 681988 0









smime.p7s
Description: S/MIME cryptographic signature
-- 
___
announce mailing list -- announce@lists.otrs.org
To unsubscribe send an email to announce-le...@lists.otrs.org
To manage your subscription or browse the message archive visit:
  https://lists.otrs.org/postorius/lists/announce.lists.otrs.org/


[announce]New Security Updates for OTRS

2023-10-16 Thread Melanie Krueger




Security Advisories
Dear reader,

The following security fix/es was/were made:
OTRS Security Advisory 2023-08

ID: OSA-2023-08
Date: 2023-10-16
Title: External pictures can be loaded even if not allowed by configuration
Severity: 5.3 MEDIUM
Product: OTRS 7.0.x, OTRS 8.0.x
Fixed in: OTRS 7.0.47, OTRS 8.0.37
CVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
References: CVE-2023-38059

OTRS Security Advisory 2023-09

ID: OSA-2023-09
Date: 2023-10-16
Title: Possible XSS execution in customer information
Severity: 3.5 LOW
Product: OTRS 7.0.x, OTRS 8.0.x
Fixed in: OTRS 7.0.47, OTRS 8.0.37
FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
References: CVE-2023-5421

OTRS Security Advisory 2023-10

ID: OSA-2023-10
Date: 2023-10-16
Title: SSL Certificates are not checked for E-Mail Handling
Severity: 8.7 HIGH
Product: OTRS 7.0.x, OTRS 8.0.x
Fixed in: OTRS 7.0.47, OTRS 8.0.37
CVSS: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
References: CVE-2023-5422

To read the entire Security Advisory/Advisories, please follow this link:
https://otrs.com/otrs-software-solutions/otrs/overview-release-notes-security-advisories/release-notes/
Kind regards, 
Your OTRS release team 
  


[announce]New Security Updates for OTRS

2023-07-24 Thread Melanie Krueger


Security Advisories
Dear reader,

The following security fix/es was/were made:
OTRS Security Advisory 2023-04

ID: OSA-2023-04
Date: 2023-06-27
Title: Host header injection by attachments in web service
Severity: 6.3 MEDIUM
Product: ((OTRS)) Community Edition 6.0.x, OTRS 7.0.x, OTRS 8.0.x
Fixed in: OTRS 7.0.45, OTRS 8.0.35
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
References: CVE-2023-38060


OTRS Security Advisory 2023-05

ID: OSA-2023-05
Date: 2023-06-29
Title: Code execution via System Configuration
Severity: 7.2 HIGH
Product: ((OTRS)) Community Edition 6.0.x, OTRS 7.0.x, OTRS 8.0.x
Fixed in: OTRS 7.0.45, OTRS 8.0.35
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
References: CVE-2023-38056


OTRS Security Advisory 2023-06

ID: OSA-2023-06
Date: 2023-07-24
Title: Possible XSS stored in survey answers
Severity: 4.1 MEDIUM
Product: Survey 6.0.x, Survey 7.0.x, Survey 8.0.x
Fixed in: Survey 7.0.32, Survey 8.0.13
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N
References: CVE-2023-38057


OTRS Security Advisory 2023-07

ID: OSA-2023-07
Date: 2023-07-24
Title: Tickets can be moved without permission
Severity: 4.1 MEDIUM
Product: OTRS 8.0.x
Fixed in: OTRS 8.0.35
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N
References: CVE-2023-38058


To read the entire Security Advisory/Advisories, please follow this link:
https://otrs.com/overview-release-notes-security-advisories/security-advisories/
  

Kind regards, 
Your OTRS release team 
 


[announce] New Security Updates for OTRS

2023-05-08 Thread Erkan Yilmaz




Security Advisories
Dear reader,

The following security fix/es was/were made:
OTRS Security Advisory 2023-03

ID: OSA-2023-03
Date: 2023-05-08
Title: Information disclosure and DoS via websocket push events
Severity: 7.6 HIGH
Product: OTRS 8.0.x
Fixed in: OTRS 8.0.32
FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L  
References: CVE-2023-2534

To read the entire Security Advisory/Advisories, please follow this link:
https://otrs.com/overview-release-notes-security-advisories/security-advisories/
  

Kind regards, 
Your OTRS release team

 




[announce]New Security Updates for OTRS

2023-03-20 Thread Bernd Maus





Security Advisories
Dear reader,

The following security fix/es was/were made:
OTRS Security Advisory 2023-01

ID: OSA-2023-01
Date: 2023-03-20
Title: Possible XSS in Ticket Actions
Severity: 5.4 MEDIUM
Product: OTRS 7.0.x
Fixed in: OTRS 7.0.42
FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
References: CVE-2023-1248

OTRS Security Advisory 2023-02

ID: OSA-2023-02
Date: 2023-03-20
Title: Code execution through ACL creation
Severity: 7.4 HIGH
Product: OTRS 7.0.x, OTRS 8.0.x
Fixed in: OTRS 7.0.42, OTRS 8.0.31
FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N
References: CVE-2023-1250
To read the entire Security Advisory/Advisories, please follow this link:
https://otrs.com/overview-release-notes-security-advisories/security-advisories/
  

Kind regards, 
Your OTRS release team 
 



[announce]New Security Updates for OTRS

2022-12-19 Thread Bernd Maus



Security Advisories
Dear reader,

The following security fix/es was/were made:
OTRS Security Advisory 2022-15

ID: OSA-2022-15
Date: 2022-12-19
Title: SQL Injection via OTRS Search API
Severity: 6.5 MEDIUM
Product: OTRS 8.0.x, OTRS 7.0.x
Fixed in: OTRS 8.0.28 Patch 1 or OTRS 7.0.40 Patch 1
FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
References: CVE-2022-4427
To read the entire Security Advisory/Advisories, please follow this link:
https://otrs.com/overview-release-notes-security-advisories/security-advisories/
  

Kind regards, 
Your OTRS release team 
 



[announce] New Security Updates for OTRS

2022-10-17 Thread Erkan Yilmaz



Security Advisories
Dear reader,

The following security fix/es was/were made:
OTRS Security Advisory 2022-14

ID: OSA-2022-14
Date: 2022-10-17
Title: Information exposure of template content due to missing check of permissions
Severity: 3.5 LOW
Product: OTRS 8.0.x
Fixed in: OTRS 8.0.26
FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
References: CVE-2022-3501

OTRS Security Advisory 2022-13

ID: OSA-2022-13
Date: 2022-10-17
Title: DoS attack using email
Severity: 7.5 HIGH
Product: OTRS 8.0.x, OTRS 7.0.x
Fixed in: OTRS 8.0.26, OTRS 7.0.39
FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References: CVE-2022-39052
To read the entire Security Advisory/Advisories, please follow this link:
https://otrs.com/overview-release-notes-security-advisories/security-advisories/
  

Kind regards, 
Your OTRS release team

 




[announce] New Security Updates for OTRS

2022-09-05 Thread Bernd Maus



Security Advisories
Dear reader,

The following security fix/es was/were made:
OTRS Security Advisory 2022-12

ID: OSA-2022-12
Date: 2022-09-05
Title: Perl Code execution in Template Toolkit
Severity: 6.8 MEDIUM
Product: ((OTRS)) Community Edition 6.0.x, OTRS 7.0.x, OTRS 8.0.x
Fixed in: OTRS 8.0.25, OTRS 7.0.37
FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
References: CVE-2022-39051

OTRS Security Advisory 2022-11

ID: OSA-2022-11
Date: 2022-09-05
Title: Possible XSS stored in customer information
Severity: 4.6 MEDIUM
Product: ((OTRS)) Community Edition 6.0.x, OTRS 7.0.x, OTRS 8.0.x
Fixed in: OTRS 7.0.37, OTRS 8.0.25
FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
References: CVE-2022-39050

OTRS Security Advisory 2022-10

ID: OSA-2022-10
Date: 2022-09-05
Title: Possible XSS in Admin Interface
Severity: 3.5 LOW
Product: ((OTRS)) Community Edition 6.0.x, OTRS 7.0.x, OTRS 8.0.x
Fixed in: OTRS 7.0.37, OTRS 8.0.25
FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N
References: CVE-2022-39049
To read the entire Security Advisory/Advisories, please follow this link:
https://otrs.com/overview-release-notes-security-advisories/security-advisories/
  

Kind regards, 
Your OTRS release team

 




[announce]New Security Updates for OTRS

2022-03-21 Thread Erkan Yilmaz


Security Advisories
Dear reader,

The following security fix/es was/were made:
OTRS Security Advisory 2022-03

ID: OSA-2022-03
Date: 2022-03-21
Title: Authenticated remote code execution
Severity: 6.4 MEDIUM
Product: OTRS 8.0.x, OTRS 7.0.x, OTRSSTORM 8.0.x, OTRSSTORM 7.0.x, SystemMonitoring 8.0.x, SystemMonitoring 7.0.x
Fixed in: OTRS 8.0.20, OTRS 7.0.33, OTRSSTORM 8.0.12, OTRSSTORM 7.0.28, SystemMonitoring 8.0.9, SystemMonitoring 7.0.19
FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
References: CVE-2021-36100


OTRS Security Advisory 2022-05

ID: OSA-2022-05
Date: 2022-03-21
Title: Possible XSS attack via translation
Severity: 3.5 LOW
Product: OTRS 7.0.x, OTRS 8.0.x
Fixed in: OTRS 7.0.33, OTRS 8.0.20
FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N
References: CVE-2022-0475


OTRS Security Advisory 2022-06

ID: OSA-2022-06
Date: 2022-03-21
Title: Information disclosure in the External Interface
Severity: 4.3 MEDIUM
Product: OTRS 7.0.x, OTRS 8.0.x
Fixed in: OTRS 7.0.33, OTRS 8.0.20
FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
References: CVE-2022-1004


To read the entire Security Advisory/Advisories, please follow this link:
https://otrs.com/overview-release-notes-security-advisories/security-advisories/
  

Kind regards, 
Your OTRS release team 
 



[announce]New Security Updates for OTRS

2022-02-07 Thread Erkan Yilmaz



Security Advisories
Dear reader,

The following security fix/es was/were made:
OTRS Security Advisory 2022-01

ID: OSA-2022-01
Date: 2022-02-07
Title: Dynamic field error message is vulnerable to XSS
Severity: 3.8 LOW
Product: OTRS 7.0.x
Fixed in: OTRS 7.0.32
FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
References: CVE-2022-0473


OTRS Security Advisory 2022-02

ID: OSA-2022-02
Date: 2022-02-07
Title: Disclosure of mail addresses
Severity: 2.4 LOW
Product: OTRSCustomContactFields 8.0.x
Fixed in: OTRS 8.0.12
FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N
References: CVE-2022-0474


OTRS Security Advisory 2022-04

ID: OSA-2022-04
Date: 2022-02-07
Title: Several vulnerabilities in third-party npm modules
Severity: 5.8 MEDIUM
Product: OTRS 8.0.x
Fixed in: OTRS 8.0.19
FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
References: CVE-2021-3803 / CVE-2021-3807 / CVE-2021-23368


To read the entire Security Advisory/Advisories, please follow this link:
https://otrs.com/overview-release-notes-security-advisories/security-advisories/
  

Kind regards, 
Your OTRS release team 
 



[announce] New Security Updates for OTRS

2021-10-18 Thread Sabrina Seubert

Security Advisories
Dear reader,

The following security fix/es was/were made:
OTRS Security Advisory 2021-20

ID: OSA-2021-20
Date: 2021-10-18
Title: Agents are able to lock the ticket without the "Owner" permission
Severity: 3.5 LOW
Product: OTRS 8.0.x
Fixed in: OTRS 8.0.17
FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
References: CVE-2021-36097
OTRS Security Advisory 2021-19

ID: OSA-2021-19
Date: 2021-10-18
Title: Regular Expression Denial of Service in postcss
Severity: 5.3 MEDIUM
Product: OTRS 8.0.x, OTRS 7.0.x
Fixed in: OTRS 8.0.17, OTRS 7.0.30
FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
References: CVE-2021-23368
To read the entire Security Advisory/Advisories, please follow this link:
https://otrs.com/overview-release-notes-security-advisories/security-advisories/
  

Kind regards, 
Your OTRS release team

 




[announce]New Security Updates for OTRS

2021-09-06 Thread Bernd Maus


Security Advisories
Dear reader,

The following security fix/es was/were made:
OTRS Security Advisory 2021-18

ID: OSA-2021-18
Date: 2021-09-06
Title: User enumeration issue using "lost password" feature
Severity: 5.3 MEDIUM
Product: OTRS 7.0.x
Fixed in: OTRS 7.0.29
FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
References: CVE-2021-36095
OTRS Security Advisory 2021-17

ID: OSA-2021-17
Date: 2021-09-06
Title: XSS attack in appointment edit popup screen
Severity: 5.7 MEDIUM
Product: OTRS 7.0.x
Fixed in: OTRS 7.0.29
FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
References: CVE-2021-36094
OTRS Security Advisory 2021-16

ID: OSA-2021-16
Date: 2021-09-06
Title: DoS attack using PostMaster filters
Severity: 5.3 MEDIUM
Product: OTRS 8.0.x, OTRS 7.0.x
Fixed in: OTRS 8.0.16, OTRS 7.0.29
FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
References: CVE-2021-36093
To read the entire Security Advisory/Advisories, please follow this link:
https://otrs.com/overview-release-notes-security-advisories/security-advisories/
  

Kind regards, 
Your OTRS release team
 


[announce]New Security Updates for OTRS

2021-07-26 Thread Erkan Yilmaz


Security Advisories
Dear reader,

The following security fix/es was/were made:
OTRS Security Advisory 2021-10

ID: OSA-2021-10
Date: 2021-07-26
Title: Support Bundle includes S/Mime and PGP keys
Severity: 5.2 MEDIUM
Product: OTRS 8.0.x, OTRS 7.0.x
Fixed in: OTRS 8.0.15, OTRS 7.0.28
FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N
References: CVE-2021-21440




OTRS Security Advisory 2021-12

ID: OSA-2021-12
Date: 2021-07-26
Title: XSS vulnerability in Time Accounting
Severity: 4.5 MEDIUM
Product: TimeAccounting 7.0.x
Fixed in: TimeAccounting 7.0.20
FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N
References: CVE-2021-21442





OTRS Security Advisory 2021-13

ID: OSA-2021-13
Date: 2021-07-26
Title: Unauthorized listing of the customer user emails
Severity: 3.5 LOW
Product: OTRS 7.0.x, OTRS 6.0.x
Fixed in: OTRS 7.0.28
FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
References: CVE-2021-21443





OTRS Security Advisory 2021-14

ID: OSA-2021-14
Date: 2021-07-26
Title: Unauthorized access to the calendar appointments
Severity: 3.5 LOW
Product: OTRS 7.0.x, OTRS 6.0.x
Fixed in: OTRS 7.0.28
FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
References: CVE-2021-36091





OTRS Security Advisory 2021-15

ID: OSA-2021-15
Date: 2021-07-26
Title: XSS attack using special link in email
Severity: 6.5 MEDIUM
Product: OTRS 8.0.x, OTRS 7.0.x, OTRS 6.0.x
Fixed in: OTRS 8.0.15, OTRS 7.0.28
FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
References: CVE-2021-36092






To read the entire Security Advisory/Advisories, please follow this link:
https://otrs.com/overview-release-notes-security-advisories/security-advisories/
  


Kind regards, 
Your OTRS release team 
 


[announce]New Security Updates for OTRS

2021-06-14 Thread Bernd Maus


Security Advisories
Dear reader,

The following security fix/es was/were made:
OTRS Security Advisory 2021-09

ID: OSA-2021-09
Date: 2021-06-14
Title: Possible DoS attack using a special crafted URL in email body
Severity: 6.5 MEDIUM
Product: OTRS 8.0.x, OTRS 7.0.x
Fixed in: OTRS 8.0.14, OTRS 7.0.27
FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References: CVE-2021-21439
To read the entire Security Advisory/Advisories, please follow this link:
https://otrs.com/overview-release-notes-security-advisories/security-advisories/
  

Kind regards, 
Your OTRS release team


[announce]New Security Updates for OTRS

2021-03-22 Thread Sabrina Seubert


Security Advisories
Dear reader,

The following security fix/es was/were made:
OTRS Security Advisory 2021-08

ID: OSA-2021-08
Date: 2021-03-22
Title: FAQ articles are shown to users without permission
Severity: 3.5 LOW
Product: OTRS 7.0.24, and FAQ 6.0.29
Fixed in: OTRS 7.0.25
FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
References: CVE-2021-21438
OTRS Security Advisory 2021-07

ID: OSA-2021-07
Date: 2021-03-22
Title: Config Items are shown to users without permission
Severity: 3.5 LOW
Product: ITSMConfigurationManagement 7.0.24 and OTRSCIsInCustomerFrontend 7.0.15
Fixed in: ITSMConfigurationManagement 7.0.25 and OTRSCIsInCustomerFrontend 7.0.16
FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
References: CVE-2021-21437
OTRS Security Advisory 2021-06

ID: OSA-2021-06
Date: 2021-03-22
Title: ReDoS vulnerability in thirdparty library (jquery-validate)
Severity: 5.3 MEDIUM
Product: OTRS 8.0.x, OTRS 7.0.x, OTRS 6.0.x
Fixed in: OTRS 8.0.12, OTRS 7.0.25
FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
References: CVE-2021-21252
To read the entire Security Advisory/Advisories, please follow this link:
https://otrs.com/overview-release-notes-security-advisories/security-advisories/
  

Kind regards, 
Your OTRS release team


[announce] New Security Updates for OTRS

2020-11-23 Thread Sabrina Seubert



Security Advisories
Dear reader,

The following security fixes were made:
OTRS Security Advisory 2020-16

ID: OSA-2020-16
Date: 2020-11-23
Title: Bypassing user account validation
Severity: 4.1 MEDIUM
Product: OTRS 8.0.9
Fixed in: OTRS 8.0.10
FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
References: CVE-2020-1778
To read the entire Security Advisory/Advisories, please follow this link:
https://otrs.com/overview-release-notes-security-advisories/security-advisories/
  

Kind regards, 
Your OTRS release team
     
  

-
OTRS mailing list: announce - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/announce
To unsubscribe: http://lists.otrs.org/mailman/listinfo/announce


[announce] New Security Updates for OTRS

2020-10-12 Thread Melanie Krüger


Security Advisories
Dear reader,

The following security fixes were made:
OTRS Security Advisory 2020-15

ID: OSA-2020-15
Date: 2020-10-12
Title: Agent names disclosed in chat feature.
Severity: 4.3 MEDIUM
Product: OTRS 8.0.x, OTRS 7.0.x
Fixed in: OTRS 8.0.7, OTRS 7.0.22
FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
References: CVE-2020-1777 
OTRS Security Advisory 2020-14

ID: OSA-2020-14
Date: 2020-10-12
Title: Vulnerability in third-party library - jquery
Severity: 6.3 MEDIUM, 6.5 MEDIUM
Product: OTRS 8.0.x, OTRS 7.0.x, OTRS 6.0.x
Fixed in: OTRS 8.0.7, OTRS 7.0.22, OTRS 6.0.30
FULL CVSS v3.1 VECTOR: 
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C, 
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:R
References: CVE-2020-11023, CVE-2020-11022 
To read the entire Security Advisory/Advisories, please follow this link:
https://otrs.com/overview-release-notes-security-advisories/security-advisories/
  

Kind regards, 
Your OTRS release team 
     
  



[announce] New Security Updates for OTRS

2020-07-20 Thread Melanie Krüger


Security Advisories
Dear reader,

The following security fix was made:
OTRS Security Advisory 2020-13

ID: OSA-2020-13 
Date: 2020-07-20
Title: Invalidating or changing user does not invalidate session
Severity: 3.5 LOW 
Product: OTRS 8.0.x, OTRS 7.0.x, OTRS 6.0.x
Fixed in: OTRS 8.0.5, OTRS 7.0.19, OTRS 6.0.29
FULL CVSS VECTOR: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
References: CVE-2020-1776
To read the entire Security Advisory/Advisories, please follow this link:
https://otrs.com/overview-release-notes-security-advisories/security-advisories/
  

Kind regards, 
Your OTRS release team 
     
  
