Vulnerabilities > CVE-2018-16586
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
LOW Availability impact
NONE Summary
In Open Ticket Request System (OTRS) 4.0.x before 4.0.32, 5.0.x before 5.0.30, and 6.0.x before 6.0.11, an attacker could send a malicious email to an OTRS system. If a logged in user opens it, the email could cause the browser to load external image or CSS resources.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 | |
| OS | 2 |
Nessus
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-4317.NASL description Three vulnerabilities were discovered in the Open Ticket Request System which could result in privilege escalation or denial of service. last seen 2020-06-01 modified 2020-06-02 plugin id 118099 published 2018-10-15 reporter This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/118099 title Debian DSA-4317-1 : otrs2 - security update NASL family Debian Local Security Checks NASL id DEBIAN_DLA-1521.NASL description Fabien Arnoux discovered several security issues in email validation of otrs system. CVE-2018-16586 Load external image or CSS resources in browser when user opens a malicious email. CVE-2018-16587 Remote deletions of arbitrary files that the OTRS web server user has write access when opening malicious email. For Debian 8 last seen 2020-06-01 modified 2020-06-02 plugin id 117714 published 2018-09-27 reporter This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/117714 title Debian DLA-1521-1 : otrs2 security update NASL family SuSE Local Security Checks NASL id OPENSUSE-2018-1106.NASL description This update for otrs to version 4.0.32 fixes the following issues : These security issues were fixed : - CVE-2018-16586: An attacker could have sent a malicious email to an OTRS system. If a logged in user opens it, the email could have caused the browser to load external image or CSS resources (bsc#1109822). - CVE-2018-16587: An attacker could have sent a malicious email to an OTRS system. If a user with admin permissions opens it, it caused deletions of arbitrary files that the OTRS web server user has write access to (bsc#1109823). - CVE-2018-14593: An attacker who is logged into OTRS as an agent may have escalated their privileges by accessing a specially crafted URL (bsc#1103800). These non-security issues were fixed : - fixed permissions file @OTRS_ROOT@/var/tmp -> @OTRS_ROOT@/var/tmp/ - ACL for Action AgentTicketBulk were inconsistent. last seen 2020-06-05 modified 2018-10-05 plugin id 117931 published 2018-10-05 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/117931 title openSUSE Security Update : otrs (openSUSE-2018-1106) NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-748.NASL description This update for otrs to version 4.0.32 fixes the following issues : These security issues were fixed : - CVE-2018-16586: An attacker could have sent a malicious email to an OTRS system. If a logged in user opens it, the email could have caused the browser to load external image or CSS resources (bsc#1109822). - CVE-2018-16587: An attacker could have sent a malicious email to an OTRS system. If a user with admin permissions opens it, it caused deletions of arbitrary files that the OTRS web server user has write access to (bsc#1109823). - CVE-2018-14593: An attacker who is logged into OTRS as an agent may have escalated their privileges by accessing a specially crafted URL (bsc#1103800). These non-security issues were fixed : - fixed permissions file @OTRS_ROOT@/var/tmp -> @OTRS_ROOT@/var/tmp/ - ACL for Action AgentTicketBulk were inconsistent. last seen 2020-06-01 modified 2020-06-02 plugin id 123320 published 2019-03-27 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/123320 title openSUSE Security Update : otrs (openSUSE-2019-748)
References
- https://lists.debian.org/debian-lts-announce/2018/09/msg00033.html
- https://github.com/OTRS/otrs/commit/baa92df09145b8ae2702a3a0e85d8ba55ec96302
- https://github.com/OTRS/otrs/commit/a808859a75c59ae3b7568f5cc4708c53462aa4c7
- https://github.com/OTRS/otrs/commit/09e80c7752b0d9080688e4597c7495dd109e0963
- https://community.otrs.com/security-advisory-2018-05-security-update-for-otrs-framework/
- https://www.debian.org/security/2018/dsa-4317