[IT-SecNots] [announce] New Security Updates for OTRS

[Melanie Krüger <melanie.krueger AT otrs.com>]

Security Advisories

Dear reader,

The following security fixes were made:

OTRS Security Advisory 2020-15

ID: OSA-2020-15
Date: 2020-10-12
Title: Agent names disclosed in chat feature.
Severity: 4.3 MEDIUM
Product: OTRS 8.0.x, OTRS 7.0.x
Fixed in: OTRS 8.0.7, OTRS 7.0.22
FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
References: CVE-2020-1777 

OTRS Security Advisory 2020-14

ID: OSA-2020-14
Date: 2020-10-12
Title: Vulnerability in third-party library - jquery
Severity: 6.3 MEDIUM, 6.5 MEDIUM
Product: OTRS 8.0.x, OTRS 7.0.x, OTRS 6.0.x
Fixed in: OTRS 8.0.7, OTRS 7.0.22, OTRS 6.0.30
FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:R
References: CVE-2020-11023, CVE-2020-11022 

To read the entire Security Advisory/Advisories, please follow this link:
https://otrs.com/overview-release-notes-security-advisories/security-advisories/ 

Kind regards, 
Your OTRS release team 

   

Visit www.otrs.com or contact us. 

OTRS AG

Zimmersmühlenweg 11
61440 Oberursel 
Germany
+49 6172 681988 0

Attachment: smime.p7s
Description: S/MIME cryptographic signature

---------------------------------------------------------------------
OTRS mailing list: announce - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/announce
To unsubscribe: http://lists.otrs.org/mailman/listinfo/announce