Zum Inhalt springen.
Sympa Menü

it-securitynotifies - [IT-SecNots] [announce]New Security Updates for OTRS

it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [announce]New Security Updates for OTRS


Chronologisch Thread  
    < Chronologisch >       < Thread >
  • From: Melanie Krüger <melanie.krueger AT otrs.com>
  • To: "announce AT otrs.org" <announce AT otrs.org>
  • Subject: [IT-SecNots] [announce]New Security Updates for OTRS
  • Date: Mon, 26 Aug 2024 06:00:00 +0000
  • Accept-language: de-DE, en-US
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=otrs.com; dmarc=pass action=none header.from=otrs.com; dkim=pass header.d=otrs.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=/25mkdx1k/cgxXKTY4J8Sk9M+8jn+xugVghiXwsgrZU=; b=Lner4jv4TgJUQuIc/8Wd0xukDsH4elRLYZGrAHaiT3ZH16QEr3iIyRdc75yB5AFoHsHPp4DbfB52Vx5LUzKsR19jhSvfOboP/616hWUXfes9v9vq1D+E8eS2cTNNCVQxIp5zIFiqSbVHTOqjPPYLJIZsZFebBvdgKFJf2Nc9pKAzLEgU+gejRWedCOJlEddvuEhv+yqsY2jgcifbDMMJPUK3TXpXdoRI/P1GiiBHQyUzOLDhkuJxBWKBiWxUfBrxeWG4bVSWPxJMUJCpJ7uK6IybdF7dCSzf5oxPBuvxW5NcOQZDFC/l9eVO5C5JWhDQ2qEhp0Zp2ES6pTwk+xDldA==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=KarXLR0O7b3W8Mw6xyvdHBACmgO+7gDdoKVBEOn7GjaM3gcMrA+ChC4CQi+kv1xgVEjWFxvXm9kWJdL0JwvhZYej2JajhGyAKn0nN8P5Ebt7HCoY1OmONnUAHSayLd7rQh8ihKjDARrdAKoYS37iOuJhqfyAlck3R7teMbBV1UIStidq3GqjWyIbjtDPy0G0kqmU+UnyaJ4zkW6NI0PE3dyXCv7IeGtlRskJ29q3s9vWd+ConiQxBXvJH4KnLXDwn31iMfnCQXbscYig4HdKeGEid3rPR0pBbTDMlHhbNRX6DJ/1lElH5rz9h/r5CK0pxKFlyRvY8kYh2SqZ5Ht4Zg==
  • Archived-at: <https://lists.otrs.org/hyperkitty/list/announce AT lists.otrs.org/message/JEHB3VHMZHHQ6B6VCBFUQTEFSXFWJ54U/>
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=otrs.com;
  • List-archive: <https://lists.otrs.org/hyperkitty/list/announce AT lists.otrs.org/>
  • List-id: "Announcements about OTRS.org" <announce.lists.otrs.org>
  • Msip_labels:
 

Security Advisories
 

Dear reader,

 

The following security fixes were made:

 

OTRS Security Advisory 2024-10

 

ID: OSA-2024-10

Date: 2024-08-26

Title: Stored XSS in System Configuration

Severity CVSS v3.1: 4.9 MEDIUM
Severity CVSS v4.0: 4.8 MEDIUM

Urgency: Moderate

Product: OTRS, ((OTRS)) Community Edition

Fixed in: OTRS 2024.6.1 and OTRS 7.0.51
CVSS VECTOR: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N * CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/R:U/RE:M/U:Amber

References: CVE-2024-43442

 

OTRS Security Advisory 2024-11

 

ID: OSA-2024-11
Date: 2024-08-26

Title: Stored XSS in process management

Severity CVSS v3.1: 4.9 MEDIUM
Severity CVSS v4.0: 4.8. MEDIUM
Urgency: Moderate
Product: OTRS, ((OTRS)) Community Edition
Fixed in: OTRS 2024.6.1 and OTRS 7.0.51
CVSS VECTOR: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N * CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/R:U/RE:M/U:Amber
References: CVE-2024-43443

 

OTRS Security Advisory 2024-12

 

ID: OSA-2024-12
Date: 2024-08-24

Title: Passwords are written to Admin Log Module

Severity CVSS v3.1: 8.2 HIGH

Severity CVSS v4.0: 8.6 HIGH

Urgency: Low
Product: OTRS, ((OTRS)) Community Edition
Fixed in: OTRS 2024.6.1 and OTRS 7.0.51
CVSS VECTOR: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N * CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/R:A/V:D/RE:L/U:Amber
References: CVE-2024-43444

 

To read the entire Security Advisory/Advisories, please follow this link:

https://otrs.com/otrs-software-solutions/otrs/overview-release-notes-security-advisories/security-advisories/

 

Kind regards,

Your OTRS release team
 

Subscribe to the OTRS Newsletter.

Read about OTRS service management solutions, product features, and interesting tips from our experts every month. Simply select your desired language.
 
Facebook
Twitter
LinkedIn
YouTube
Instagram
 
 

announce mailing list -- announce AT lists.otrs.org
To unsubscribe send an email to announce-leave AT lists.otrs.org

To manage your subscription or browse the message archive visit: https://lists.otrs.org/postorius/lists/announce.lists.otrs.org/


--
_______________________________________________
announce mailing list -- announce AT lists.otrs.org
To unsubscribe send an email to announce-leave AT lists.otrs.org
To manage your subscription or browse the message archive visit:
https://lists.otrs.org/postorius/lists/announce.lists.otrs.org/

  • [IT-SecNots] [announce]New Security Updates for OTRS, Melanie Krüger, 26.08.2024

Archiv bereitgestellt durch MHonArc 2.6.19+.

Seitenanfang