CVE-2014-1694

Published: 04 February 2014

Multiple cross-site request forgery (CSRF) vulnerabilities in (1) CustomerPreferences.pm, (2) CustomerTicketMessage.pm, (3) CustomerTicketProcess.pm, and (4) CustomerTicketZoom.pm in Kernel/Modules/ in Open Ticket Request System (OTRS) 3.1.x before 3.1.19, 3.2.x before 3.2.14, and 3.3.x before 3.3.4 allow remote attackers to hijack the authentication of arbitrary users for requests that (5) create tickets or (6) send follow-ups to existing tickets.

Priority

Medium

Status

| Package | Release | Status |
| --- | --- | --- |
| otrs2 (Launchpad, Ubuntu, Debian) | Upstream | Released (3.3.4-1) |
| | Ubuntu 16.04 ESM (Xenial Xerus) | Not vulnerable (3.3.5-1) |
| | Ubuntu 14.04 ESM (Trusty Tahr) | Does not exist (trusty was not-affected [3.3.5-1]) |