Page MenuHomePhabricator
Create Task
Maniphest T63912

Update OTRS to 3.2.15 (address XSS vulnerability)
Closed, ResolvedPublic
Actions

Description

http://www.otrs.com/security-advisory-2014-03-xss-issue/

"An attacker could send a specially prepared HTML email to OTRS. If he can then trick an agent into following a special link to display this email, JavaScript code would be executed."

Version: wmf-deployment
Severity: normal

Details

Reference
bz61912

Event Timeline

bzimport raised the priority of this task from to Medium.Nov 22 2014, 2:54 AM
bzimport added a project: Znuny.
bzimport set Reference to bz61912.
pajz created this task.Feb 25 2014, 3:00 PM
Aklapper added a comment.Feb 25 2014, 3:18 PM

Thanks for reporting!

Jeff Green: Could you take a look at this?

Jgreen added a comment.Feb 25 2014, 6:13 PM

I applied the patches for 3.2.x to buy us a little time to plan a a maintenance window for the upgrade.

jeremyb added a comment.Feb 26 2014, 3:05 AM

RT 6916

pajz added a comment.Apr 8 2014, 8:18 PM

Since patch-level updates can be skipped, bug 63685 should be fixed instead of this one.

Jgreen added a comment.Apr 10 2014, 11:24 AM

closing 61912 since we patched to fix the main issue, and now have 63685 which supersedes

Jgreen added a comment.Apr 10 2014, 11:25 AM

*** This bug has been marked as a duplicate of bug 63685 ***

Steinsplitter moved this task from Incoming to Resolved on the Znuny board.Mar 19 2015, 10:27 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL