CVE-2018-14593

Priority
Description
An issue was discovered in Open Ticket Request System (OTRS) 6.0.x through
6.0.9, 5.0.x through 5.0.28, and 4.0.x through 4.0.30. An attacker who is
logged into OTRS as an agent may escalate their privileges by accessing a
specially crafted URL.
Notes
Package
Source: otrs2 (LP Ubuntu Debian)
Upstream:released (6.0.10-1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was needs-triage)
Ubuntu 16.04 LTS (Xenial Xerus):needed
Ubuntu 18.04 LTS (Bionic Beaver):needed
Ubuntu 20.04 LTS (Focal Fossa):not-affected (6.0.10-1)
Ubuntu 20.10 (Groovy Gorilla):not-affected (6.0.10-1)
More Information

Updated: 2020-10-24 06:48:45 UTC (commit 69e225d81a6ee3e2e014950178db797c5d4e5009)