
Debian LTS: DLA-3551-1 Moderate: OTRS2 Multiple Threats Advisory

Debian LTS
August 31, 2023
OTRS2 on Debian LTS has vulnerabilities that may allow impersonation, denial of service, and arbitrary code execution.
Multiple vulnerabilities were found in otrs2, the Open-Source Ticket Request System, which could lead to impersonation, denial of service, information disclosure, or execution of a...

Summary

CVE-2019-11358

A Prototype Pollution vulnerability was discovered in OTRS' embedded
jQuery 3.2.1 copy, which could allow sending drafted messages as the
wrong agent.

This vulnerability is also known as OSA-2020-05.

CVE-2019-12248

Matthias Terlinde discovered that when an attacker sends a malicious
email to an OTRS system and a logged-in agent user later quotes it,
the email could cause the browser to load external image resources.

A new configuration setting ‘Ticket::Frontend::BlockLoadingRemoteContent’
has been added as part of the fix. It controls whether external
content should be loaded, and it is disabled by default.

This vulnerability is also known as OSA-2019-08.
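
The setting described above stands for a filter over quoted HTML mail. The following Python is an added example, not OTRS' own code, of that mitigation: it finds the attributes a browser fetches on its own, records any remote URLs for auditing, and, when blocking is on, renames the attribute so nothing is fetched. The attribute set and the data-blocked- rename are this example's assumptions.

```python
# Added illustration (not OTRS code) of what a "block remote content" switch
# must do to quoted HTML mail. The attribute set and the data-blocked-* rename
# are assumptions of this example.
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit

# (tag, attribute) pairs a browser fetches on its own while rendering.
AUTO_FETCH = {("img", "src"), ("img", "srcset"), ("source", "src"),
              ("video", "poster"), ("link", "href")}
REMOTE_SCHEMES = {"http", "https", "ftp"}

def is_remote(url):
    """Absolute or protocol-relative URL; cid:/data: references stay inline."""
    url = url.strip()
    return url.startswith("//") or urlsplit(url).scheme.lower() in REMOTE_SCHEMES

class RemoteContentFilter(HTMLParser):
    def __init__(self, block):
        super().__init__(convert_charrefs=False)  # re-emit entities verbatim
        self.block, self.out, self.found = block, [], []

    def _tag(self, tag, attrs, self_closing):
        parts = [tag]
        for name, value in attrs:
            if value is not None and (tag, name.lower()) in AUTO_FETCH and is_remote(value):
                self.found.append(value)          # record for logging/auditing
                if self.block:                    # rename: browser no longer fetches it
                    name = "data-blocked-" + name
            parts.append(name if value is None else f'{name}="{escape(value)}"')
        self.out.append("<" + " ".join(parts) + (" />" if self_closing else ">"))

    def handle_starttag(self, tag, attrs): self._tag(tag, attrs, False)
    def handle_startendtag(self, tag, attrs): self._tag(tag, attrs, True)
    def handle_endtag(self, tag): self.out.append(f"</{tag}>")
    def handle_data(self, data): self.out.append(data)
    def handle_entityref(self, name): self.out.append(f"&{name};")
    def handle_charref(self, name): self.out.append(f"&#{name};")

def filter_remote_content(html_body, block_remote=True):
    """Return (rewritten HTML, remote URLs found); block_remote=False only audits."""
    f = RemoteContentFilter(block_remote)
    f.feed(html_body)
    f.close()
    return "".join(f.out), f.found

# Constructed sample: a tracking pixel next to a legitimate inline (cid:) image.
SAMPLE_EMAIL = ('<p>Hello agent,</p>'
                '<img src="https://tracker.example.test/pixel.gif?id=42" width="1" height="1">'
                '<img src="cid:inline-logo"><p>Regards</p>')
```

Remote references inside inline CSS (url() in style attributes or style blocks) are not covered here and need the same treatment in a production filter.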

CVE-2019-12497

Jens Meister discovered that in the customer or external frontend,
personal information of agents, such as name and mail address in
external notes, could be disclosed.


Package: otrs2
Version: 6.0.16-2+deb10u1
CVE ID: CVE-2019-11358 CVE-2019-12248 CVE-2019-12497 CVE-2019-12746
Debian Bug: 945251 959448 980891 989992 991593
