
it-securitynotifies - [IT-SecNots] [announce]New Security Updates for OTRS

it-securitynotifies AT lists.piratenpartei.de

Subject: Security announcements


  • From: Melanie Krueger <melanie.krueger AT otrs.com>
  • To: announce AT otrs.org
  • Subject: [IT-SecNots] [announce]New Security Updates for OTRS
  • Date: Mon, 24 Jul 2023 08:47:14 +0200
  • Archived-at: <https://lists.otrs.org/hyperkitty/list/announce AT lists.otrs.org/message/ZRCHNY3MUJFMK3B7RNK7T6FR44SXQJYE/>
  • Authentication-results: mail.piratenpartei.de; dkim=pass header.d=otrs.com header.s=otrs1 header.b=Q60hTwvT; spf=none (mail.piratenpartei.de: domain of announce-bounces AT lists.otrs.org has no SPF policy when checking 135.181.4.15) smtp.mailfrom=announce-bounces AT lists.otrs.org; dmarc=pass (policy=reject) header.from=otrs.com
  • List-archive: <https://lists.otrs.org/hyperkitty/list/announce AT lists.otrs.org/>
  • List-id: "Announcements about OTRS.org" <announce.lists.otrs.org>


Security Advisories

Dear reader,

The following security fix/es was/were made:

OTRS Security Advisory 2023-04

ID: OSA-2023-04
Date: 2023-06-27
Title: Host header injection by attachments in web service
Severity: 6.3 MEDIUM
Product: ((OTRS)) Community Edition 6.0.x, OTRS 7.0.x, OTRS 8.0.x
Fixed in: OTRS 7.0.45, OTRS 8.0.35
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
References: CVE-2023-38060


OTRS Security Advisory 2023-05

ID: OSA-2023-05
Date: 2023-06-29
Title: Code execution via System Configuration
Severity: 7.2 HIGH
Product: ((OTRS)) Community Edition 6.0.x, OTRS 7.0.x, OTRS 8.0.x
Fixed in: OTRS 7.0.45, OTRS 8.0.35
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
References: CVE-2023-38056


OTRS Security Advisory 2023-06

ID: OSA-2023-06
Date: 2023-07-24
Title: Possible XSS stored in survey answers
Severity: 4.1 MEDIUM
Product: Survey 6.0.x, Survey 7.0.x, Survey 8.0.x
Fixed in: Survey 7.0.32, Survey 8.0.13
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N
References: CVE-2023-38057


OTRS Security Advisory 2023-07

ID: OSA-2023-07
Date: 2023-07-24
Title: Tickets can be moved without permission
Severity: 4.1 MEDIUM
Product: OTRS 8.0.x
Fixed in: OTRS 8.0.35
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N
References: CVE-2023-38058


To read the entire Security Advisory/Advisories, please follow this link:
https://otrs.com/overview-release-notes-security-advisories/security-advisories/

Kind regards,
Your OTRS release team

OTRS AG

Zimmersmühlenweg 11
61440 Oberursel 
Germany
+49 6172 681988 0



Attachment: smime.p7s
Description: S/MIME cryptographic signature
