| Summary: | <www-apps/otrs-3.2.4: XSS vulnerability (CVE-2012-4751,CVE-2013-2625) | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | GLSAMaker/CVETool Bot <glsamaker> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | trivial | CC: | patrick, web-apps |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | ~4 [noglsa] | ||
| Package list: | Runtime testing required: | --- | |
|
Description
GLSAMaker/CVETool Bot
2012-10-22 22:30:53 UTC
https://secunia.com/advisories/52969/ : Description A vulnerability has been reported in OTRS Help Desk, which can be exploited by malicious users to bypass certain security restrictions. The vulnerability is caused due to an error within the object linking mechanism, which does not properly check for access restrictions and can be exploited to view otherwise restricted ticket titles and objects or place and remove links to objects. The vulnerability is reported in versions prior to 3.2.4, 3.1.14, and 3.0.19. Solution Update to version 3.2.4, 3.1.14, or 3.0.19. Provided and/or discovered by The vendor credits André Luerssen. Original Advisory http://www.otrs.com/en/open-source/community-news/security-advisories/security-advisory-2013-01/ 3.2.4 is in tree. @maintainers: bump to 3.1.14 if you like, and please clean up. ping for cleanup Maintainer timeout, cleanup done, closing noglsa. @maintainers: Dropped the 3.1 branch since you all didn't bump it and 3.2 is getting the updates anyway. |
