Bug 1141432 - (CVE-2019-13458) VUL-1: CVE-2019-13458: otrs: logged in agent with appropriate permissions can leverage OTRS tags in templates
(CVE-2019-13458)
VUL-1: CVE-2019-13458: otrs: logged in agent with appropriate permissions can...
Status: RESOLVED FIXED
Classification: openSUSE
Product: openSUSE Distribution
Classification: openSUSE
Component: Other
Leap 15.1
Other Other
: P4 - Low : Minor (vote)
: ---
Assigned To: Christian Wittmer
Security Team bot
https://smash.suse.de/issue/237105/
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2019-07-15 08:33 UTC by Alexander Bergmann
Modified: 2020-09-23 13:21 UTC (History)
1 user (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Alexander Bergmann 2019-07-15 08:33:13 UTC
CVE-2019-13458

Security Advisory 2019-12: Security Update for OTRS Framework

Security Advisory Details:
ID: OSA-2019-12
Date: 2019-07-12
Title: Information Disclosure
Severity: 2.4. Low
Product: OTRS 7.0.x, OTRS 6.0.x, OTRS 5.0.x
Fixed in: OTRS 7.0.9, OTRS 6.0.20, OTRS 5.0.37
FULL CVSS v3 VECTOR: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
References: CVE-2019-13458


Vulnerability Description:
This advisory covers vulnerabilities discovered in the OTRS framework.

Privilege Escalation:
An attacker who is logged into OTRS as an agent user with appropriate permissions can leverage OTRS tags in templates in order to disclose hashed user passwords.

Affected by this vulnerability are all releases of OTRS 7.0.x up to and including 7.0.8, OTRS 6.0.x up to and including 6.0.19, OTRS 5.0.x up to and including 5.0.36.

This vulnerability is fixed in the latest versions of OTRS, and it is recommended to upgrade to the latest patch level.

Fixed releases can be found at:
https://www.otrs.com/category/release-and-security-notes-en/

Detailed information about the changes:
OTRS 6.0
https://github.com/OTRS/otrs/commit/69430f260d52e5a7afc185048da0cfc2eef2659a
OTRS 5.0
https://github.com/OTRS/otrs/commit/0e26066dfff8efff0039da13e29609ca7f00d9a2

However, to avoid unwanted side effects, we recommend a complete update.

Thanks to Marvin Voormann for discovering and reporting this issue.

References:
https://community.otrs.com/security-advisory-2019-12-security-update-for-otrs-framework/
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-13458
http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-13458.html
Comment 1 Christian Wittmer 2019-07-20 11:36:57 UTC
ongoing work
Comment 2 Swamp Workflow Management 2019-07-22 19:30:14 UTC
This is an autogenerated message for OBS integration:
This bug (1141432) was mentioned in
https://build.opensuse.org/request/show/717673 Factory / otrs
Comment 3 Christian Wittmer 2019-12-28 18:05:21 UTC
fixed
Comment 4 Swamp Workflow Management 2020-04-08 12:40:32 UTC
This is an autogenerated message for OBS integration:
This bug (1141432) was mentioned in
https://build.opensuse.org/request/show/792434 15.1+Backports:SLE-15+Backports:SLE-15-SP1 / otrs
Comment 5 Swamp Workflow Management 2020-04-09 10:20:26 UTC
This is an autogenerated message for OBS integration:
This bug (1141432) was mentioned in
https://build.opensuse.org/request/show/792677 15.1+Backports:SLE-15+Backports:SLE-15-SP1 / otrs
https://build.opensuse.org/request/show/792678 15.1+Backports:SLE-15+Backports:SLE-15-SP1 / otrs
Comment 6 Swamp Workflow Management 2020-04-22 12:40:27 UTC
This is an autogenerated message for OBS integration:
This bug (1141432) was mentioned in
https://build.opensuse.org/request/show/796277 15.1 / otrs
Comment 7 Swamp Workflow Management 2020-04-25 19:14:26 UTC
openSUSE-SU-2020:0551-1: An update that fixes 18 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1122560,1137614,1137615,1139406,1141430,1141431,1141432,1156431,1157001,1160663,1168029,1168030,1168031,1168032
CVE References: CVE-2019-10067,CVE-2019-12248,CVE-2019-12497,CVE-2019-12746,CVE-2019-13457,CVE-2019-13458,CVE-2019-16375,CVE-2019-18179,CVE-2019-18180,CVE-2019-9752,CVE-2019-9892,CVE-2020-1765,CVE-2020-1766,CVE-2020-1769,CVE-2020-1770,CVE-2020-1771,CVE-2020-1772,CVE-2020-1773
Sources used:
openSUSE Leap 15.1 (src):    otrs-5.0.42-lp151.2.3.1
openSUSE Backports SLE-15-SP1 (src):    otrs-5.0.42-bp151.3.3.1
openSUSE Backports SLE-15 (src):    otrs-5.0.42-bp150.2.10.1
Comment 8 Swamp Workflow Management 2020-09-20 04:22:28 UTC
openSUSE-SU-2020:1475-1: An update that fixes 18 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1122560,1137614,1137615,1139406,1141430,1141431,1141432,1156431,1157001,1160663,1168029,1168030,1168031,1168032
CVE References: CVE-2019-10067,CVE-2019-12248,CVE-2019-12497,CVE-2019-12746,CVE-2019-13457,CVE-2019-13458,CVE-2019-16375,CVE-2019-18179,CVE-2019-18180,CVE-2019-9752,CVE-2019-9892,CVE-2020-1765,CVE-2020-1766,CVE-2020-1769,CVE-2020-1770,CVE-2020-1771,CVE-2020-1772,CVE-2020-1773
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    otrs-6.0.29-lp152.2.3.4
openSUSE Leap 15.1 (src):    otrs-6.0.29-lp151.2.6.2
openSUSE Backports SLE-15-SP2 (src):    otrs-6.0.29-bp152.2.5.4
openSUSE Backports SLE-15-SP1 (src):    otrs-6.0.29-bp151.3.6.2
Comment 9 Swamp Workflow Management 2020-09-23 13:21:18 UTC
openSUSE-SU-2020:1509-1: An update that fixes 18 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1122560,1137614,1137615,1139406,1141430,1141431,1141432,1156431,1157001,1160663,1168029,1168030,1168031,1168032
CVE References: CVE-2019-10067,CVE-2019-12248,CVE-2019-12497,CVE-2019-12746,CVE-2019-13457,CVE-2019-13458,CVE-2019-16375,CVE-2019-18179,CVE-2019-18180,CVE-2019-9752,CVE-2019-9892,CVE-2020-1765,CVE-2020-1766,CVE-2020-1769,CVE-2020-1770,CVE-2020-1771,CVE-2020-1772,CVE-2020-1773
JIRA References: 
Sources used:
openSUSE Backports SLE-15-SP2 (src):    otrs-6.0.29-bp152.2.8.1