Debian Otrs2 vulnerabilities
113 known vulnerabilities affecting debian/otrs2.
Total CVEs: 113
CISA KEV: 1 (actively exploited)
Public exploits: 9
Exploited in the wild: 3
Severity breakdown: HIGH 11, MEDIUM 56, LOW 46
Vulnerabilities
Page 1 of 6
CVE-2023-38060 (otrs2) | MEDIUM | CVSS 6.3 | fixed in znuny 6.5.3-1 (forky) | 2023
Improper Input Validation vulnerability in the ContentType parameter for attachments on TicketCreate or TicketUpdate operations of the OTRS Generic Interface modules allows any authenticated attacker to perform a host header injection for the ContentType header of the attachment. This issue affects OTRS: from 7.0.X before 7.0.45, from 8.0.X before 8.0.35; ((OTRS …
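The bug class in this entry, as an added illustration written for this page (not OTRS or Znuny code, and not the actual Generic Interface code path): a MIME attachment part assembled by string formatting copies a caller-supplied ContentType containing CR/LF straight into the header block, so the caller appends a header of their own; the hardened variant validates the value as an RFC 2045 media type before it is used. The function names and the attacker value are constructed for the example.

```python
"""Header injection through an attachment's ContentType value.

Added example for this page, not OTRS or Znuny code. build_part_unchecked()
trusts the value to be one header line; build_part_checked() only accepts a
syntactically valid media type. ATTACKER_CT is a constructed input."""
import re
from email import message_from_string

# RFC 2045 token: printable US-ASCII without space, CTLs and tspecials.
_TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
# type/subtype followed by optional ;attribute=value parameters. Only space
# and tab are permitted between parameters, so CR and LF can never get in.
_MEDIA_TYPE = re.compile(
    rf"^{_TOKEN}/{_TOKEN}(?:[ \t]*;[ \t]*{_TOKEN}=(?:{_TOKEN}|\"[^\"\r\n]*\"))*\Z"
)


def valid_media_type(value):
    """True only for a single, well-formed media type with no line breaks."""
    return bool(_MEDIA_TYPE.match(value))


def build_part_unchecked(content_type, body):
    """Vulnerable: whatever the caller sent becomes part of the header block."""
    return (f"Content-Type: {content_type}\r\n"
            f"Content-Disposition: attachment\r\n\r\n{body}")


def build_part_checked(content_type, body):
    """Hardened: reject the value unless it parses as a media type."""
    if not valid_media_type(content_type):
        raise ValueError(f"rejected ContentType: {content_type!r}")
    return build_part_unchecked(content_type, body)


def header_names(part):
    """Header names a MIME parser finds in the part, in order."""
    return list(message_from_string(part).keys())


ATTACKER_CT = "text/plain\r\nX-Injected: attacker-controlled"   # constructed


def demo():
    try:
        build_part_checked(ATTACKER_CT, "hello")
        rejected = False
    except ValueError:
        rejected = True
    return {
        # The CR/LF splits the value: a parser sees three headers, one of them
        # chosen by the attacker.
        "unchecked_headers": header_names(build_part_unchecked(ATTACKER_CT, "hello")),
        "checked_rejected": rejected,
        "benign_headers": header_names(
            build_part_checked('application/pdf; name="report.pdf"', "%PDF-")),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The validator is deliberately stricter than the RFC (no whitespace around "=", no escaped quotes inside quoted values); for an API that only ever needs plain attachment types that is the right trade, because anything it does not recognise is rejected rather than passed through.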
CVE-2022-4427 (otrs2) | MEDIUM | CVSS 6.5 | fixed in znuny 6.4.5-1 (bookworm) | 2022
Improper Input Validation vulnerability in OTRS AG OTRS and OTRS AG ((OTRS)) Community Edition allows SQL Injection via the TicketSearch Webservice. This issue affects OTRS: from 7.0.1 before 7.0.40 Patch 1, from 8.0.1 before 8.0.28 Patch 1; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34.
Scope: local
bullseye: open
CVE-2021-21441 (otrs2) | HIGH | CVSS 7.5 | fixed in otrs2 6.0.32-5 (bullseye) | 2021
There is an XSS vulnerability in the ticket overview screens. It is possible to collect various information by having an e-mail shown in the overview screen. The attack can be performed by sending a specially crafted e-mail to the system and does not require any user interaction. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. …
CVE-2021-21440 (otrs2) | MEDIUM | CVSS 5.2 | fixed in otrs2 6.0.32-6 (bullseye) | 2021
Generated Support Bundles contain private S/MIME and PGP keys if the containing folder is not hidden. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.27 and prior versions; 8.0.x version 8.0.14 and prior versions.
Scope: local
bullseye: resolved (fixed in 6.0.32-6)
CVE-2021-41183 (jqueryui) | MEDIUM | CVSS 6.5 | fixed in jqueryui 1.13.0+dfsg-1 (bookworm) | 2021
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various `*Text` options are now always treated as pure text, not HTML. A workaround is to not accept …
CVE-2021-21439 (otrs2) | MEDIUM | CVSS 6.5 | fixed in otrs2 6.0.32-5 (bullseye) | 2021
A DoS attack can be performed when an email contains a specially designed URL in the body. It can lead to high CPU usage and degraded quality of service, or in the extreme case bring the system to a halt. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.26 and prior versions; 8.0.x version 8.0…
CVE-2021-21252 (civicrm) | MEDIUM | CVSS 5.3 | fixed in otrs2 6.0.32-4 (bullseye) | 2021
The jQuery Validation Plugin provides drop-in validation for your existing forms. It is published as an npm package "jquery-validation". jquery-validation before version 1.19.3 contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service). This is fixed in 1.19.3.
Scope: local
bullseye: open
CVE-2021-41182 (jqueryui) | MEDIUM | CVSS 6.5 | fixed in jqueryui 1.13.0+dfsg-1 (bookworm) | 2021
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a CSS selector. A workaround is to not accept the value …
CVE-2021-41184 (jqueryui) | MEDIUM | CVSS 6.5 | fixed in jqueryui 1.13.0+dfsg-1 (bookworm) | 2021
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector. A workaround is to not accept the value of the `of` …
CVE-2021-36100 (otrs2) | MEDIUM | CVSS 6.4 | no fixed version listed | 2021
A specially crafted string in the OTRS system configuration can allow the execution of arbitrary system commands.
Scope: local
bullseye: open
CVE-2021-36091 (otrs2) | LOW | CVSS 3.5 | fixed in otrs2 6.0.32-6 (bullseye) | 2021
Agents are able to list appointments in calendars without the required permissions. This issue affects: OTRS AG ((OTRS)) Community Edition: 6.0.x version 6.0.1 and later versions. OTRS AG OTRS: 7.0.x versions prior to 7.0.27.
Scope: local
bullseye: resolved (fixed in 6.0.32-6)
CVE-2021-21443 (otrs2) | LOW | CVSS 3.5 | fixed in otrs2 6.0.32-6 (bullseye) | 2021
Agents are able to list customer user emails without the required permissions in the bulk action screen. This issue affects: OTRS AG ((OTRS)) Community Edition: 6.0.x version 6.0.1 and later versions. OTRS AG OTRS: 7.0.x versions prior to 7.0.27.
Scope: local
bullseye: resolved (fixed in 6.0.32-6)
CVE-2021-21435 (otrs2) | MEDIUM (the index row says LOW; CVSS 5.7 is in the MEDIUM band) | CVSS 5.7 | no fixed version listed | 2021
Article Bcc fields and agent personal information are shown when a customer prints the ticket (PDF) via the external interface. This issue affects: OTRS AG OTRS 7.0.x version 7.0.23 and prior versions; 8.0.x version 8.0.10 and prior versions.
Scope: local
bullseye: resolved
CVE-2020-1773 (otrs2) | HIGH | CVSS 7.3 | fixed in otrs2 6.0.27-1 (bullseye) | 2020
An attacker with the ability to generate session IDs or password reset tokens, either by being able to authenticate or by exploiting OSA-2020-09, may be able to predict other users' session IDs, password reset tokens and automatically generated passwords. This issue affects ((OTRS)) Community Edition: 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and …
CVE-2020-1771 (otrs2) | MEDIUM | CVSS 4.6 | fixed in otrs2 6.0.27-1 (bullseye) | 2020
An attacker is able to craft an article with a link to the customer address book containing malicious content (JavaScript). When an agent opens the link, the JavaScript code is executed due to missing parameter encoding. This issue affects: ((OTRS)) Community Edition: 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions.
Scope: local
bullseye: resolved (fixed in 6.0.27-1)
CVE-2020-11023 (node-jquery) | MEDIUM | CVSS 6.9 | CISA KEV, public PoC | fixed in node-jquery 3.5.0+dfsg-2 (bookworm) | 2020
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
Scope: local
bookworm: resolved (fixed in 3.5.0+dfsg-2)
bullseye: …
CVE-2020-1772 (otrs2) | MEDIUM | CVSS 6.5 | fixed in otrs2 6.0.27-1 (bullseye) | 2020
It is possible to craft Lost Password requests with wildcards in the Token value, which allows an attacker to retrieve valid token(s) generated for users who have already requested new passwords. This issue affects: ((OTRS)) Community Edition 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions.
Scope: local
bullseye: resolved (fixed in 6.0.27-1)
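The two lookup bugs behind this entry and CVE-2022-4427 above, as added illustrations written for this page rather than OTRS or Znuny code: a ticket search that splices the caller's value into the SQL statement (the injection class), and a lost-password token lookup that matches the submitted token with LIKE, so a request whose token is just `%` returns another user's valid token (the wildcard class). Each is shown beside a hardened version. The schema, tickets and tokens are constructed, and sqlite3 stands in for the real database.

```python
"""Ticket search with SQL injection, token lookup with wildcard matching,
and the hardened form of each.

Added example for this page, not OTRS or Znuny code. The tables, rows and
tokens below are constructed sample data."""
import hmac
import sqlite3


def make_db():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE ticket (id INTEGER PRIMARY KEY, title TEXT, queue TEXT);
        CREATE TABLE password_reset (login TEXT PRIMARY KEY, token TEXT);
    """)
    db.executemany("INSERT INTO ticket (title, queue) VALUES (?, ?)", [
        ("Printer broken", "Support"),
        ("Salary review", "HR-confidential"),
    ])
    db.executemany("INSERT INTO password_reset VALUES (?, ?)", [
        ("alice", "a3f9c0e1d2b4"),   # constructed sample tokens
        ("bob", "77e2b9d41c05"),
    ])
    return db


def ticket_search_vulnerable(db, queue):
    """Queue name interpolated into the statement: the caller writes SQL."""
    return [r[0] for r in db.execute(
        f"SELECT title FROM ticket WHERE queue = '{queue}'")]


def ticket_search_fixed(db, queue):
    """Bound parameter: the value is data and never part of the statement."""
    return [r[0] for r in db.execute(
        "SELECT title FROM ticket WHERE queue = ?", (queue,))]


def reset_token_lookup_vulnerable(db, login, token):
    """Parameterised, so no injection, but LIKE treats '%' and '_' in the
    submitted token as wildcards: token='%' matches whatever is stored."""
    row = db.execute(
        "SELECT token FROM password_reset WHERE login = ? AND token LIKE ?",
        (login, token)).fetchone()
    return row[0] if row else None


def reset_token_lookup_fixed(db, login, token):
    """Fetch by login only, then compare the secret in the application with
    a constant-time comparison: no pattern matching against the token."""
    row = db.execute(
        "SELECT token FROM password_reset WHERE login = ?", (login,)).fetchone()
    if row is None or not hmac.compare_digest(row[0].encode(), token.encode()):
        return None
    return row[0]


def demo():
    db = make_db()
    injected_queue = "Support' OR '1'='1"     # constructed attacker input
    return {
        "search_vulnerable": ticket_search_vulnerable(db, injected_queue),
        "search_fixed": ticket_search_fixed(db, injected_queue),
        "token_vulnerable": reset_token_lookup_vulnerable(db, "alice", "%"),
        "token_fixed_wildcard": reset_token_lookup_fixed(db, "alice", "%"),
        "token_fixed_real": reset_token_lookup_fixed(db, "alice", "a3f9c0e1d2b4"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The second pair is the less obvious one: binding the parameter is necessary but not sufficient, because LIKE still interprets the bound value. A secret that must match exactly should be compared with `=` or, better, fetched by its owner and compared in code, so that the database never answers "does any token look like this?".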
CVE-2020-11022 (node-jquery) | MEDIUM | CVSS 6.9 | exploited, public PoC | fixed in node-jquery 3.5.0+dfsg-2 (bookworm) | 2020
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
Scope: local
bookworm: resolved (fixed in 3.5.0+dfsg-2)
bullseye: resolved (fixed in …)
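Why this entry and CVE-2020-11023 above get past a sanitizer, as an added example written for this page and not jQuery, OTRS or Znuny code: before 3.5.0, jQuery's htmlPrefilter() rewrote self-closing tags such as `<style/>` into `<style></style>` before the string reached the DOM, which moves the end of a raw-text element and so turns text the sanitizer had classified as harmless into markup. The regex below is the rxhtmlTag jQuery used before 3.5.0; Python's html.parser stands in for the browser's parser, and the payload is constructed.

```python
"""jQuery < 3.5.0 htmlPrefilter() versus a sanitizer's view of the same string.

Added example for this page, not jQuery, OTRS or Znuny code. RXHTMLTAG is
the regex jQuery applied before 3.5.0; html.parser is used here in place of
a browser; PAYLOAD is constructed."""
import re
from html.parser import HTMLParser

# jQuery < 3.5.0: htmlPrefilter = html => html.replace(rxhtmlTag, "<$1></$2>")
RXHTMLTAG = re.compile(
    r"<(?!area|br|col|embed|hr|img|input|link|meta|param)"
    r"(([a-z][^/\x00>\x20\t\r\n\f]*)[^>]*)/>",
    re.IGNORECASE,
)


def html_prefilter_old(html):
    """Expand <tag/> into <tag></tag> for non-void tags (jQuery < 3.5.0)."""
    return RXHTMLTAG.sub(r"<\1></\2>", html)


def html_prefilter_new(html):
    """jQuery >= 3.5.0: the prefilter is the identity function."""
    return html


class _Tags(HTMLParser):
    """Record the start tags the parser creates elements for. Text inside
    <style> or <script> is raw text and produces no tags."""
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def element_tags(html):
    p = _Tags()
    p.feed(html)
    p.close()
    return p.tags


# Constructed payload: everything between <style> and </style> is raw text to
# a parser, so an element-based sanitizer sees a style element and nothing else.
PAYLOAD = "<style><style/><img src=x onerror=alert(1)></style>"


def compare(payload=PAYLOAD):
    """Elements created from the same string before and after each prefilter."""
    return {
        "sanitizer_view": element_tags(payload),
        "jquery_lt_3_5": element_tags(html_prefilter_old(payload)),
        "jquery_3_5": element_tags(html_prefilter_new(payload)),
    }


if __name__ == "__main__":
    print(html_prefilter_old(PAYLOAD))
    print(compare())
```

The rewrite turns `<style/>` inside the raw-text region into `<style></style>`, and that `</style>` closes the outer style element early, so the `<img>` that followed as text is now parsed as an element with its event handler. The only robust fix is the one jQuery shipped: stop rewriting the string, so the markup the sanitizer checked is the markup the DOM receives.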
CVE-2020-1774 (otrs2) | MEDIUM | CVSS 4.5 | fixed in otrs2 6.0.28-1 (bullseye) | 2020
When a user downloads PGP or S/MIME keys/certificates, the exported file has the same name for private and public keys. It is therefore possible to mix them up and send the private key to a third party instead of the public key. This issue affects ((OTRS)) Community Edition: 5.0.42 and prior versions, 6.0.27 and prior versions. OTRS: 7.0.16 and prior versions.
Scope: local
bullseye: resolved (fixed in 6.0.28-1)
CVE-2020-1769 (otrs2) | LOW | CVSS 3.5 | fixed in otrs2 6.0.27-1 (bullseye) | 2020
In the login screens (agent and customer interface), the Username and Password fields use autocomplete, which might be considered a security issue. This issue affects: ((OTRS)) Community Edition: 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions.
Scope: local
bullseye: resolved (fixed in 6.0.27-1)
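To check an installed system against the "fixed in" column of these rows, an added helper written for this page (not part of the tracker or of the otrs2/znuny packages): it re-implements dpkg's version ordering (deb-version(7)), so `~` pre-releases, epochs and `+dfsg` suffixes compare the way `dpkg --compare-versions` would, and reports rows whose fixing version is newer than what dpkg-query shows. The rows and the dpkg-query output below are constructed sample data.

```python
r"""Triage the page's "fixed in <package> <version> (<suite>)" entries against
installed Debian package versions.

Added example for this page, not part of the tracker or of the otrs2/znuny
packages. deb_version_cmp() re-implements dpkg's ordering (deb-version(7));
ROWS and DPKG_OUTPUT are constructed sample data."""
import re
import string

_FIXED_RE = re.compile(r"fixed in (\S+) (\S+) \((\w+)\)")


def _order(c):
    """dpkg's weight for a non-digit character: '~' sorts before anything,
    even the end of the string; letters by ASCII; other characters after."""
    if c == "~":
        return -1
    if c in string.ascii_letters:
        return ord(c)
    if c == "" or c in string.digits:
        return 0
    return ord(c) + 256


def _verrevcmp(a, b):
    """Compare an upstream-version or revision fragment the way dpkg does:
    alternating runs of non-digits (by _order) and digits (numerically)."""
    i = j = 0
    while i < len(a) or j < len(b):
        first_diff = 0
        while (i < len(a) and a[i] not in string.digits) or (
                j < len(b) and b[j] not in string.digits):
            ac = _order(a[i]) if i < len(a) else 0
            bc = _order(b[j]) if j < len(b) else 0
            if ac != bc:
                return ac - bc
            i += 1
            j += 1
        while i < len(a) and a[i] == "0":      # leading zeros are ignored
            i += 1
        while j < len(b) and b[j] == "0":
            j += 1
        while (i < len(a) and a[i] in string.digits
               and j < len(b) and b[j] in string.digits):
            if not first_diff:
                first_diff = ord(a[i]) - ord(b[j])
            i += 1
            j += 1
        if i < len(a) and a[i] in string.digits:
            return 1       # longer digit run is the larger number
        if j < len(b) and b[j] in string.digits:
            return -1
        if first_diff:
            return first_diff
    return 0


def _split(version):
    """(epoch, upstream_version, debian_revision) of a Debian version string."""
    epoch = 0
    if ":" in version:
        e, _, version = version.partition(":")
        epoch = int(e)
    if "-" in version:
        upstream, _, revision = version.rpartition("-")
    else:
        upstream, revision = version, ""
    return epoch, upstream, revision


def deb_version_cmp(v1, v2):
    """<0, 0 or >0, ordering v1 against v2 like dpkg --compare-versions."""
    e1, u1, r1 = _split(v1)
    e2, u2, r2 = _split(v2)
    if e1 != e2:
        return e1 - e2
    return _verrevcmp(u1, u2) or _verrevcmp(r1, r2)


def parse_fixed_in(row):
    """(package, version, suite) from a row, or None if no fix is listed."""
    m = _FIXED_RE.search(row)
    return m.groups() if m else None


def installed_from_dpkg(text):
    r"""Parse lines of: dpkg-query -W -f='${Package} ${Version}\n' <pkgs...>"""
    return dict(line.split(None, 1) for line in text.splitlines() if line.strip())


def triage(rows, installed):
    """[(cve, status)] with status open / fixed / unfixed / not installed."""
    out = []
    for row in rows:
        cve = row.split()[0]
        parsed = parse_fixed_in(row)
        if parsed is None:
            out.append((cve, "unfixed"))          # page lists no fixing version
        elif parsed[0] not in installed:
            out.append((cve, "not installed"))
        elif deb_version_cmp(installed[parsed[0]], parsed[1]) < 0:
            out.append((cve, "open"))
        else:
            out.append((cve, "fixed"))
    return out


# Constructed sample: rows in this page's format and a fake dpkg-query output.
ROWS = [
    "CVE-2021-21441 (otrs2) | HIGH | CVSS 7.5 | fixed in otrs2 6.0.32-5 (bullseye) | 2021",
    "CVE-2021-21440 (otrs2) | MEDIUM | CVSS 5.2 | fixed in otrs2 6.0.32-6 (bullseye) | 2021",
    "CVE-2021-41183 (jqueryui) | MEDIUM | CVSS 6.5 | fixed in jqueryui 1.13.0+dfsg-1 (bookworm) | 2021",
    "CVE-2022-4427 (otrs2) | MEDIUM | CVSS 6.5 | fixed in znuny 6.4.5-1 (bookworm) | 2022",
    "CVE-2021-36100 (otrs2) | MEDIUM | CVSS 6.4 | no fixed version listed | 2021",
]
DPKG_OUTPUT = "otrs2 6.0.32-5\njqueryui 1.12.1+dfsg-8\n"

if __name__ == "__main__":
    for cve, status in triage(ROWS, installed_from_dpkg(DPKG_OUTPUT)):
        print(cve, status)
```

Feed it the real output of `dpkg-query -W -f='${Package} ${Version}\n' otrs2 jqueryui node-jquery` (package names as they appear in each row). A row without a fixing version, such as CVE-2021-36100, is reported as unfixed rather than silently passed, and a "fixed in" version for a suite other than the one installed (bookworm versus bullseye) still only says whether the installed version is older than the fix, not whether the distribution backported it; the per-suite status lines on the page answer that.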