Search CVE reports
1 – 10 of 129 results
CVE-2024-23792
Medium priority
When adding attachments to ticket comments, another user can add attachments as well, impersonating the original user. The attack requires a logged-in other user to know the UUID. While the legitimate user completes the comment, the...
2 affected packages
otrs2, znuny
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
otrs2 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
znuny | Needs evaluation | Not in release | Not in release | Not in release | Not in release |
CVE-2024-23791
Medium priority
Insertion of debug information into the log file while building the Elasticsearch index allows reading of sensitive information from articles. This issue affects OTRS: from 7.0.X through 7.0.48, from 8.0.X through 8.0.37, from 2023.X...
2 affected packages
otrs2, znuny
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
otrs2 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
znuny | Needs evaluation | Not in release | Not in release | Not in release | Not in release |
CVE-2024-23790
Medium priority
Improper Input Validation vulnerability in the upload functionality for user avatars allows functionality misuse due to a missing check of file types. This issue affects OTRS: from 7.0.X through 7.0.48, from 8.0.X through 8.0.37,...
2 affected packages
otrs2, znuny
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
otrs2 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
znuny | Needs evaluation | Not in release | Not in release | Not in release | Not in release |
CVE-2023-6254
High priority
A vulnerability in OTRS AgentInterface and ExternalInterface allows the reading of plain text passwords which are sent back to the client in the server response. This issue affects OTRS: from 8.0.X through 8.0.37.
2 affected packages
otrs2, znuny
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
otrs2 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
znuny | Needs evaluation | Not in release | Not in release | Ignored | Ignored |
CVE-2023-5422
Medium priority
The functions to fetch e-mail via POP3 or IMAP as well as sending e-mail via SMTP use OpenSSL for static SSL or TLS based communication. As the SSL_get_verify_result() function is not used, the certificate is always trusted and it...
2 affected packages
otrs2, znuny
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
otrs2 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
znuny | Needs evaluation | Not in release | Not in release | Not in release | Not in release |
CVE-2023-5421
Low priority
An attacker who is logged into OTRS as a user with privileges to create and change customer user data may manipulate the CustomerID field to execute JavaScript code that runs immediately after the data is saved. The issue...
2 affected packages
otrs2, znuny
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
otrs2 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
znuny | Needs evaluation | Not in release | Not in release | Not in release | Not in release |
CVE-2023-38059
Medium priority
The loading of external images is not blocked, even if configured, if the attacker uses a protocol-relative URL in the payload. This can be used to retrieve the IP of the user. This issue affects OTRS: from 7.0.X before 7.0.47, from...
2 affected packages
otrs2, znuny
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
otrs2 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
znuny | Needs evaluation | Not in release | Not in release | Ignored | Ignored |
CVE-2023-38060
Medium priority
Improper Input Validation vulnerability in the ContentType parameter for attachments on TicketCreate or TicketUpdate operations of the OTRS Generic Interface modules allows any authenticated attacker to perform a host header...
2 affected packages
otrs2, znuny
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
otrs2 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
znuny | Needs evaluation | Not in release | Not in release | Ignored | Ignored |
CVE-2023-38058
Medium priority
An improper privilege check in the OTRS ticket move action in the agent interface allows any attacker authenticated as an agent to perform a move of a ticket without the needed permission. This issue affects OTRS: from 8.0.X...
2 affected packages
otrs2, znuny
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
otrs2 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
znuny | Needs evaluation | Not in release | Not in release | Ignored | Ignored |
CVE-2023-38057
Medium priority
An improper input validation vulnerability in OTRS Survey modules allows any attacker with a link to a valid and unanswered survey request to inject JavaScript code in free text answers. This allows a cross-site scripting attack...
2 affected packages
otrs2, znuny
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
otrs2 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
znuny | Needs evaluation | Not in release | Not in release | Ignored | Ignored |