Security Advisories

Dear reader,

The following security fix/es was/were made:

OTRS Security Advisory 2023-04

ID: OSA-2023-04
Date: 2023-06-27
Title: Host header injection by attachments in web service
Severity: 6.3 MEDIUM
Product: ((OTRS)) Community Edition 6.0.x, OTRS 7.0.x, OTRS 8.0.x
Fixed in: OTRS 7.0.45, OTRS 8.0.35
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
References: CVE-2023-38060

OTRS Security Advisory 2023-05

ID: OSA-2023-05
Date: 2023-06-29
Title: Code execution via System Configuration
Severity: 7.2 HIGH
Product: ((OTRS)) Community Edition 6.0.x, OTRS 7.0.x, OTRS 8.0.x
Fixed in: OTRS 7.0.45, OTRS 8.0.35
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
References: CVE-2023-38056

OTRS Security Advisory 2023-06

ID: OSA-2023-06
Date: 2023-07-24
Title: Possible XSS stored in survey answers
Severity: 4.1 MEDIUM
Product: Survey 6.0.x, Survey 7.0.x, Survey 8.0.x
Fixed in: Survey 7.0.32, Survey 8.0.13
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N
References: CVE-2023-38057

OTRS Security Advisory 2023-07

ID: OSA-2023-07
Date: 2023-07-24
Title: Tickets can be moved without permission
Severity: 4.1 MEDIUM
Product: OTRS 8.0.x
Fixed in: OTRS 8.0.35
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N
References: CVE-2023-38058

To read the entire Security Advisory/Advisories, please follow this link:
https://otrs.com/overview-release-notes-security-advisories/security-advisories/

Kind regards,
Your OTRS release team

Subscribe to the OTRS Newsletter.

Read about OTRS service management solutions, product features, and interesting tips from our experts every month. Simply select your desired language.

Visit www.otrs.com or contact us.

OTRS AG

Zimmersmühlenweg 11
61440 Oberursel
Germany
+49 6172 681988 0