Overview Details

File _patchinfo of Package patchinfo

<patchinfo incident="9244">
  <issue tracker="bnc" id="1115416">VUL-0: otrs: Security Advisory 2018-09</issue>
  <issue tracker="cve" id="2018-19143"/>
  <issue tracker="cve" id="2018-19141"/>
  <category>security</category>
  <rating>moderate</rating>
  <packager>AndreasStieger</packager>
  <description>This update for otrs fixes the following issues:

Update to version 4.0.33.

Security issues fixed:

- CVE-2018-19141: Fixed privilege escalation, that an attacker who is logged into OTRS as an admin user cannot manipulate the URL to cause execution of JavaScript in the context of OTRS.
- CVE-2018-19143: Fixed remote file deletion, that an attacker who is logged into OTRS as a user cannot manipulate the submission form to cause deletion of arbitrary files that the OTRS web server user has write access to.

Non-security issues fixed:

- Full release notes can be found at:
  * https://community.otrs.com/release-notes-otrs-4-patch-level-33/
</description>
  <summary>Security update for otrs</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places