Bug 664326 (CVE-2018-14593) - www-apps/otrs: privilege escalation (CVE-2018-14593)
Summary: www-apps/otrs: privilege escalation (CVE-2018-14593)
Status: RESOLVED FIXED
Alias: CVE-2018-14593
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal trivial
Assignee: Gentoo Security
URL: https://community.otrs.com/security-a...
Whiteboard: ~1 [noglsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2018-08-22 23:12 UTC by GLSAMaker/CVETool Bot
Modified: 2020-07-09 12:48 UTC

See Also:
Package list:
Runtime testing required: ---


Description GLSAMaker/CVETool Bot gentoo-dev 2018-08-22 23:12:32 UTC
CVE-2018-14593 (https://nvd.nist.gov/vuln/detail/CVE-2018-14593):
  An issue was discovered in Open Ticket Request System (OTRS) 6.0.x through
  6.0.9, 5.0.x through 5.0.28, and 4.0.x through 4.0.30. An attacker who is
  logged into OTRS as an agent may escalate their privileges by accessing a
  specially crafted URL.
Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev 2018-08-22 23:14:38 UTC
ID: OSA-2018-03
Date: 2018-07-31
Title: Privilege Escalation
Severity: 7.2 High
Product: OTRS 6.0.x, OTRS 5.0.x, OTRS 4.0.x
Fixed in: OTRS 6.0.10, OTRS 5.0.29, OTRS 4.0.31
FULL CVSS v3 VECTOR: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L/E:H/RL:O/RC:C
References: CVE-2018-14593

Vulnerability Description
=========================

This advisory covers vulnerabilities discovered in the OTRS framework.


Privilege Escalation
====================
An attacker who is logged into OTRS as a user may escalate their privileges by accessing a specially crafted URL.


Affected by this vulnerability are all releases of OTRS 6.0.x up to and including 6.0.9, OTRS 5.0.x up to and including 5.0.28, and OTRS 4.0.x up to and including 4.0.30.

This vulnerability is fixed in the latest versions of OTRS, and it is recommended to upgrade to the latest patch level.

Fixed releases can be found at:

    https://www.otrs.com/category/release-and-security-notes-en/

Detailed information about the changes:

OTRS 6:

    https://github.com/OTRS/otrs/commit/57cda14db8fdbcbfb8cabb32d85fbc89fde48c62

OTRS 5:

    https://github.com/OTRS/otrs/commit/7b6802723e1f5d1764b617e9fcf0a8dd21e96216

OTRS 4:

    https://github.com/OTRS/otrs/commit/78331ea187181d6130189d4563a50b4c30256320

However, to avoid unwanted side effects, we recommend a complete update.

Thanks to Francesco Sirocco for discovering and reporting this issue.
Comment 2 Thomas Deutschmann (RETIRED) gentoo-dev 2018-08-22 23:15:24 UTC
Privilege escalation within the web-app, not on the running host itself.
Comment 3 Larry the Git Cow gentoo-dev 2020-06-04 19:15:02 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=aa950e734b5caed317ac64dff518b8b33b797ba0

commit aa950e734b5caed317ac64dff518b8b33b797ba0
Author:     Sam James (sam_c) <sam@cmpct.info>
AuthorDate: 2020-06-04 18:25:22 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2020-06-04 19:14:37 +0000

    www-apps/otrs: Last rites
    
    Bug: https://bugs.gentoo.org/692398
    Bug: https://bugs.gentoo.org/664326
    Signed-off-by: Sam James (sam_c) <sam@cmpct.info>
    Closes: https://github.com/gentoo/gentoo/pull/15907
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 profiles/package.mask | 6 ++++++
 1 file changed, 6 insertions(+)
Comment 4 Larry the Git Cow gentoo-dev 2020-07-09 12:43:29 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=934a47e2dfc9eb2ff6a38198622584ef458f028d

commit 934a47e2dfc9eb2ff6a38198622584ef458f028d
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2020-07-09 12:41:39 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2020-07-09 12:43:17 +0000

    www-apps/otrs: remove last-rited package
    
    www-apps/otrs had a large number of vulnerabilities
    and was unmaintained within Gentoo.
    
    Bug: https://bugs.gentoo.org/692398
    Bug: https://bugs.gentoo.org/664326
    Signed-off-by: Sam James <sam@gentoo.org>

 profiles/base/package.use.stable.mask |   1 -
 profiles/package.mask                 |   6 --
 www-apps/otrs/Manifest                |   5 --
 www-apps/otrs/files/otrs.service      |  13 ---
 www-apps/otrs/metadata.xml            |  11 ---
 www-apps/otrs/otrs-5.0.25.ebuild      | 154 ---------------------------------
 www-apps/otrs/otrs-6.0.3.ebuild       | 156 ---------------------------------
 www-apps/otrs/otrs-6.0.4.ebuild       | 156 ---------------------------------
 www-apps/otrs/otrs-6.0.5.ebuild       | 156 ---------------------------------
 www-apps/otrs/otrs-6.0.7.ebuild       | 157 ----------------------------------
 10 files changed, 815 deletions(-)
Comment 5 Sam James gentoo-dev 2020-07-09 12:47:31 UTC
Tree is now clean. Package was ~ so noglsa. Closing.