
it-securitynotifies - [IT-SecNots] [announce]New Security Updates for OTRS

it-securitynotifies AT lists.piratenpartei.de

Subject: Security announcements

  • From: Bernd Maus <bernd.maus AT otrs.com>
  • To: announce AT otrs.org
  • Subject: [IT-SecNots] [announce]New Security Updates for OTRS
  • Date: Mon, 8 Feb 2021 10:02:02 +0100
  • Archived-at: <https://lists.otrs.org/hyperkitty/list/announce AT lists.otrs.org/message/KUFBFQSPN3AY4JJK4CPZIJST3FYBIETW/>
  • List-archive: <https://lists.otrs.org/hyperkitty/list/announce AT lists.otrs.org/>
  • List-id: "Announcements about OTRS.org" <announce.lists.otrs.org>



Security Advisories

Dear reader,

The following security fix/es was/were made:

OTRS Security Advisory 2021-05

ID: OSA-2021-05
Date: 2021-02-08
Title: Several Vulnerabilities in CKEditor
Severity: 5.5 MEDIUM
Product: OTRS 8.0.x, OTRS 7.0.x, OTRS 6.0.x
Fixed in: OTRS 8.0.11, OTRS 7.0.24
FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
References: CVE-2018-17960, https://ckeditor.com/cke4/release-notes

OTRS Security Advisory 2021-04

ID: OSA-2021-04
Date: 2021-02-08
Title: Agent is able to link customer's Config Items without permission
Severity: 3.5 LOW
Product: OTRSCIsInCustomerFrontend 7.0.14
Fixed in: OTRSCIsInCustomerFrontend 7.0.15
FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
References: CVE-2021-21436

OTRS Security Advisory 2021-03

ID: OSA-2021-03
Date: 2021-02-08
Title: Dynamic templates reveal sensitive data when OTRS tags are used
Severity: 4.3 MEDIUM
Product: OTRSTicketForms 6.0.40, OTRSTicketForms 7.0.29 and OTRSTicketForms 8.0.3
Fixed in: OTRSTicketForms 7.0.30 and OTRSTicketForms 8.0.4
FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N
References: CVE-2020-1779

OTRS Security Advisory 2021-02

ID: OSA-2021-02
Date: 2021-02-08
Title: Information exposure in PDF export
Severity: 5.7 MEDIUM
Product: OTRS 8.0.x, OTRS 7.0.x, OTRS 6.0.x
Fixed in: OTRS 8.0.11, OTRS 7.0.24
FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
References: CVE-2021-21435

OTRS Security Advisory 2021-01

ID: OSA-2021-01
Date: 2021-02-08
Title: XSS
Severity: 3.5 LOW
Product: Survey 7.0.x, Survey 6.0.x
Fixed in: Survey 7.0.20
FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N
References: CVE-2021-21434

To read the entire Security Advisory/Advisories, please follow this link:
https://otrs.com/overview-release-notes-security-advisories/security-advisories/

Kind regards,
Your OTRS release team


OTRS AG

Zimmersmühlenweg 11
61440 Oberursel 
Germany
+49 6172 681988 0



Attachment: smime.p7s
Description: S/MIME cryptographic signature

