Candidate: CVE-2018-14593
PublicDate: 2018-08-04 01:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14593
 https://community.otrs.com/security-advisory-2018-03-security-update-for-otrs-framework/
 https://community.otrs.com/security-advisory-2018-03-security-update-for-otrs-framework/?lang=de
Description:
 An issue was discovered in Open Ticket Request System (OTRS) 6.0.x through
 6.0.9, 5.0.x through 5.0.28, and 4.0.x through 4.0.30. An attacker who is
 logged into OTRS as an agent may escalate their privileges by accessing a
 specially crafted URL.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H [8.8 HIGH]


Patches_otrs2:
upstream_otrs2: released (6.0.10-1)
precise/esm_otrs2: DNE
trusty_otrs2: ignored (reached end-of-life)
trusty/esm_otrs2: DNE (trusty was needs-triage)
xenial_otrs2: ignored (end of standard support, was needed)
bionic_otrs2: needed
cosmic_otrs2: not-affected (6.0.10-1)
disco_otrs2: not-affected (6.0.10-1)
eoan_otrs2: not-affected (6.0.10-1)
focal_otrs2: not-affected (6.0.10-1)
groovy_otrs2: not-affected (6.0.10-1)
hirsute_otrs2: not-affected (6.0.10-1)
impish_otrs2: not-affected (6.0.10-1)
jammy_otrs2: not-affected (6.0.10-1)
devel_otrs2: not-affected (6.0.10-1)