Candidate: CVE-2019-9892
PublicDate: 2019-05-22 00:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9892
 https://community.otrs.com/security-advisory-2019-04-security-update-for-otrs-framework/
Description:
 An issue was discovered in Open Ticket Request System (OTRS) 5.x through
 5.0.34, 6.x through 6.0.17, and 7.x through 7.0.6. An attacker who is
 logged into OTRS as an agent user with appropriate permissions may try to
 import carefully crafted Report Statistics XML that will result in reading
 of arbitrary files on the OTRS filesystem.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N [6.5 MEDIUM]


Patches_otrs2:
upstream_otrs2: released (6.0.18-1)
precise/esm_otrs2: DNE
trusty/esm_otrs2: DNE
xenial_otrs2: ignored (end of standard support, was needed)
bionic_otrs2: needed
cosmic_otrs2: ignored (reached end-of-life)
disco_otrs2: ignored (reached end-of-life)
eoan_otrs2: not-affected (6.0.18-1)
focal_otrs2: not-affected (6.0.18-1)
groovy_otrs2: not-affected (6.0.18-1)
hirsute_otrs2: not-affected (6.0.18-1)
impish_otrs2: not-affected (6.0.18-1)
jammy_otrs2: not-affected (6.0.18-1)
devel_otrs2: not-affected (6.0.18-1)