Debian Otrs2 vulnerabilities

113 known vulnerabilities affecting debian/otrs2.

Total CVEs: 113
CISA KEV: 1 (actively exploited)
Public exploits: 9
Exploited in wild: 3
Severity breakdown: HIGH 11, MEDIUM 56, LOW 46

Vulnerabilities

Page 3 of 6
CVE-2019-9752 | MEDIUM | CVSS 5.4 | fixed in otrs2 6.0.16-1 (bullseye) | 2019 | debian
[MEDIUM] otrs2 - An issue was discovered in Open Ticket Request System (OTRS) 5.x before 5.0.34, 6.x before 6.0.16, and 7.x before 7.0.4. An attacker who is logged into OTRS as an agent or a customer user may upload a carefully crafted resource in order to cause execution of JavaScript in the context of OTRS. This is related to Content-type mishandling in Kernel/Modules/PictureUpload.
CVE-2019-18180 | MEDIUM | CVSS 5.3 | fixed in otrs2 6.0.24-1 (bullseye) | 2019 | debian
[MEDIUM] otrs2 - Improper Check for filenames with overly long extensions in PostMaster (sending in email) or uploading files (e.g. attaching files to mails) of ((OTRS)) Community Edition and OTRS allows a remote attacker to cause an endless loop. This issue affects: OTRS AG: ((OTRS)) Community Edition 5.0.x version 5.0.38 and prior versions; 6.0.x version 6.0.23 and prior versions
CVE-2019-9753 | LOW | CVSS 3.5 | 2019 | debian
[LOW] otrs2 - An issue was discovered in Open Ticket Request System (OTRS) 7.x before 7.0.5. An attacker who is logged into OTRS as an agent or a customer user can use the search result screens to disclose information from invalid system entities. Following is the list of affected entities: Custom Pages, FAQ Articles, Service Catalogue Items, ITSM Configuration Items. Scope: local bul
CVE-2019-13457 | LOW | CVSS 4.3 | 2019 | debian
[MEDIUM] otrs2 - An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.8. A customer user can use the search results to disclose information from their "company" tickets (with the same CustomerID), even when the CustomerDisableCompanyTicketAccess setting is turned on. Scope: local. bullseye: resolved.
CVE-2019-10065 | LOW | CVSS 4.3 | 2019 | debian
[MEDIUM] otrs2 - An issue was discovered in Open Ticket Request System (OTRS) 7.0 through 7.0.6. An attacker who is logged into OTRS as a customer user can use the search result screens to disclose information from internal FAQ articles, a different vulnerability than CVE-2019-9753. Scope: local. bullseye: resolved.
CVE-2018-14593 | HIGH | CVSS 8.8 | fixed in otrs2 6.0.10-1 (bullseye) | 2018 | debian
[HIGH] otrs2 - An issue was discovered in Open Ticket Request System (OTRS) 6.0.x through 6.0.9, 5.0.x through 5.0.28, and 4.0.x through 4.0.30. An attacker who is logged into OTRS as an agent may escalate their privileges by accessing a specially crafted URL. Scope: local. bullseye: resolved (fixed in 6.0.10-1).
CVE-2018-16586 | MEDIUM | CVSS 4.3 | fixed in otrs2 6.0.11-1 (bullseye) | 2018 | debian
[MEDIUM] otrs2 - In Open Ticket Request System (OTRS) 4.0.x before 4.0.32, 5.0.x before 5.0.30, and 6.0.x before 6.0.11, an attacker could send a malicious email to an OTRS system. If a logged in user opens it, the email could cause the browser to load external image or CSS resources. Scope: local. bullseye: resolved (fixed in 6.0.11-1).
CVE-2018-19141 | MEDIUM | CVSS 4.8 | fixed in otrs2 6.0.1-1 (bullseye) | 2018 | debian
[MEDIUM] otrs2 - Open Ticket Request System (OTRS) 4.0.x before 4.0.33 and 5.0.x before 5.0.31 allows an admin to conduct an XSS attack via a modified URL because user and customer preferences are mishandled. Scope: local. bullseye: resolved (fixed in 6.0.1-1).
CVE-2018-16587 | MEDIUM | CVSS 6.5 | fixed in otrs2 6.0.11-1 (bullseye) | 2018 | debian
[MEDIUM] otrs2 - In Open Ticket Request System (OTRS) 4.0.x before 4.0.32, 5.0.x before 5.0.30, and 6.0.x before 6.0.11, an attacker could send a malicious email to an OTRS system. If a user with admin permissions opens it, it causes deletions of arbitrary files that the OTRS web server user has write access to. Scope: local. bullseye: resolved (fixed in 6.0.11-1).
CVE-2018-17883 | MEDIUM | CVSS 6.1 | fixed in otrs2 6.0.12-1 (bullseye) | 2018 | debian
[MEDIUM] otrs2 - An issue was discovered in Open Ticket Request System (OTRS) 6.0.x before 6.0.12. An attacker could send an e-mail message with a malicious link to an OTRS system or an agent. If a logged-in agent opens this link, it could cause the execution of JavaScript in the context of OTRS. Scope: local. bullseye: resolved (fixed in 6.0.12-1).
CVE-2018-19143 | MEDIUM | CVSS 6.5 | fixed in otrs2 6.0.13-1 (bullseye) | 2018 | debian
[MEDIUM] otrs2 - Open Ticket Request System (OTRS) 4.0.x before 4.0.33, 5.0.x before 5.0.31, and 6.0.x before 6.0.13 allows an authenticated user to delete files via a modified submission form because upload caching is mishandled. Scope: local. bullseye: resolved (fixed in 6.0.13-1).
CVE-2018-20800 | MEDIUM | CVSS 6.5 | fixed in otrs2 6.0.14-1 (bullseye) | 2018 | debian
[MEDIUM] otrs2 - An issue was discovered in Open Ticket Request System (OTRS) 5.0.31 and 6.0.13. Users updating to 6.0.13 (also patchlevel updates) or 5.0.31 (only major updates) will experience data loss in their agent preferences table. Scope: local. bullseye: resolved (fixed in 6.0.14-1).
CVE-2018-10198 | MEDIUM | CVSS 4.3 | fixed in otrs2 6.0.7-1 (bullseye) | 2018 | debian
[MEDIUM] otrs2 - An issue was discovered in OTRS 6.0.x before 6.0.7. An attacker who is logged into OTRS as a customer can use the ticket overview screen to disclose internal article information of their customer tickets. Scope: local. bullseye: resolved (fixed in 6.0.7-1).
CVE-2018-19142 | MEDIUM | CVSS 4.8 | fixed in otrs2 6.0.13-1 (bullseye) | 2018 | debian
[MEDIUM] otrs2 - Open Ticket Request System (OTRS) 6.0.x before 6.0.13 allows an admin to conduct an XSS attack via a modified URL. Scope: local. bullseye: resolved (fixed in 6.0.13-1).
CVE-2018-11563 | MEDIUM | CVSS 4.6 | fixed in otrs2 6.0.8-1 (bullseye) | 2018 | debian
[MEDIUM] otrs2 - An issue was discovered in Open Ticket Request System (OTRS) 6.0.x through 6.0.7. A carefully constructed email could be used to inject and execute arbitrary stylesheet or JavaScript code in a logged in customer's browser in the context of the OTRS customer panel application. Scope: local. bullseye: resolved (fixed in 6.0.8-1).
CVE-2018-7567 | LOW | CVSS 7.2 | 2018 | debian
[HIGH] otrs2 - In the Admin Package Manager in Open Ticket Request System (OTRS) 5.0.0 through 5.0.24 and 6.0.0 through 6.0.1, authenticated admins are able to exploit a Blind Remote Code Execution vulnerability by loading a crafted opm file with an embedded CodeInstall element to execute a command on the server during package installation. NOTE: the vendor disputes this issue stating
CVE-2017-9324 | HIGH | CVSS 8.8 | fixed in otrs2 5.0.20-1 (bullseye) | 2017 | debian
[HIGH] otrs2 - In Open Ticket Request System (OTRS) 3.3.x through 3.3.16, 4.x through 4.0.23, and 5.x through 5.0.19, an attacker with agent permission is capable of opening a specific URL in a browser to gain administrative privileges / full access. Afterward, all system settings can be read and changed. The URLs in question contain index.pl?Action=Installer with ;Subaction=Intro or
CVE-2017-16664 | HIGH | CVSS 8.8 | fixed in otrs2 5.0.24-1 (bullseye) | 2017 | debian
[HIGH] otrs2 - Code injection exists in Kernel/System/Spelling.pm in Open Ticket Request System (OTRS) 5 before 5.0.24, 4 before 4.0.26, and 3.3 before 3.3.20. In the agent interface, an authenticated remote attacker can execute shell commands as the webserver user via URL manipulation. Scope: local. bullseye: resolved (fixed in 5.0.24-1).
CVE-2017-16921 | HIGH | CVSS 8.8 | PoC | fixed in otrs2 6.0.2-1 (bullseye) | 2017 | debian
[HIGH] otrs2 - In OTRS 6.0.x up to and including 6.0.1, OTRS 5.0.x up to and including 5.0.24, and OTRS 4.0.x up to and including 4.0.26, an attacker who is logged into OTRS as an agent can manipulate form parameters (related to PGP) and execute arbitrary shell commands with the permissions of the OTRS or web server user. Scope: local. bullseye: resolved (fixed in 6.0.2-1).
CVE-2017-15864 | HIGH | CVSS 8.8 | fixed in otrs2 4.0.7-2 (bullseye) | 2017 | debian
[HIGH] otrs2 - In the Agent Frontend in Open Ticket Request System (OTRS) 3.3.x through 3.3.18, with a crafted URL it is possible to gain information like database user and password. Scope: local. bullseye: resolved (fixed in 4.0.7-2).