
it-securitynotifies - [IT-SecNots] [announce]New Security Updates for OTRS

it-securitynotifies AT lists.piratenpartei.de

Subject: Security announcements

  • From: Melanie Krueger <melanie.krueger AT otrs.com>
  • To: announce AT otrs.org
  • Subject: [IT-SecNots] [announce]New Security Updates for OTRS
  • Date: Mon, 29 Jan 2024 10:36:25 +0100
  • Archived-at: <https://lists.otrs.org/hyperkitty/list/announce AT lists.otrs.org/message/LFSBJ5PTDE2EILWMYBQAFPQFNAMRI4FW/>
  • List-archive: <https://lists.otrs.org/hyperkitty/list/announce AT lists.otrs.org/>
  • List-id: "Announcements about OTRS.org" <announce.lists.otrs.org>



Security Advisories

 
Dear reader,

 

The following security fixes were made:

 

OTRS Security Advisory 2024-01

 

ID: OSA-2024-01
Date: 2024-01-29
Title: Missing file type check in avatar picture upload
Severity: 3.5 LOW
Product: OTRS 7.0.x, OTRS
Fixed in: OTRS 7.0.49, OTRS 2024.1.1
FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
References: CVE-2024-23790

 

OTRS Security Advisory 2024-02

 

ID: OSA-2024-02
Date: 2024-01-29
Title: Unnecessary data is written to log if issues during indexing occurs
Severity: 4.9 MEDIUM
Product: OTRS 7.0.x, OTRS
Fixed in: OTRS 7.0.49, OTRS 2024.1.1
FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
References: CVE-2024-23791

 

OTRS Security Advisory 2024-03

 

ID: OSA-2024-03
Date: 2024-01-29
Title: Insufficient access control
Severity: 5.3 MEDIUM
Product: OTRS 7.0.x, OTRS
Fixed in: OTRS 7.0.49, OTRS 2024.1.1
FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
References: CVE-2024-23792

 

OTRS Security Advisory 2024-04

 

ID: OSA-2024-04
Date: 2024-01-29
Title: A cross-site scripting (XSS) vulnerability in the HTML Data Processor in CKEditor
Severity: 6.1 MEDIUM
Product: OTRS 7.0.x, OTRS
Fixed in: OTRS 7.0.49, OTRS 2024.1.1, OTRSAdvancedEditor 7.0.33, OTRSAdvancedEditor 2024.1.1
FULL CVSS v3.1 VECTOR: OTRSAdvancedEditor 2024.1.1
References: CVE-2021-33829

 

To read the entire Security Advisory/Advisories, please follow this link:

 

Kind regards,
Your OTRS release team
 



Attachment: smime.p7s
Description: S/MIME cryptographic signature

--
_______________________________________________
announce mailing list -- announce AT lists.otrs.org
To unsubscribe send an email to announce-leave AT lists.otrs.org
To manage your subscription or browse the message archive visit:
https://lists.otrs.org/postorius/lists/announce.lists.otrs.org/



Archive provided by MHonArc 2.6.19+.
