CVE-2014-1694 Information

Feb 14, 2021 cve

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in (1) CustomerPreferences.pm (2) CustomerTicketMessage.pm (3) CustomerTicketProcess.pm and (4) CustomerTicketZoom.pm in Kernel/Modules/ in Open Ticket Request System (OTRS) 3.1.x before 3.1.19 3.2.x before 3.2.14 and 3.3.x before 3.3.4 allow remote attackers to hijack the authentication of arbitrary users for requests that (5) create tickets or (6) send follow-ups to existing tickets.

Reference

http://bugs.otrs.org/show_bug.cgi?id=10099 http://osvdb.org/102632 http://secunia.com/advisories/56644 http://secunia.com/advisories/56655 http://www.debian.org/security/2014/dsa-2867 http://www.openwall.com/lists/oss-security/2014/01/29/15 http://www.openwall.com/lists/oss-security/2014/01/29/7 https://github.com/OTRS/otrs/commit/6f324aaf8647729d509eebf063a0181f9f9196f7 https://github.com/OTRS/otrs/commit/92f417277f43832f1a0462f2485fe1fd3fd52312 https://github.com/OTRS/otrs/commit/ca2c3390fd60d9a3f810ed2c22cbc2c193457b77 https://www.otrs.com/release-notes-otrs-help-desk-3-3-4 https://www.otrs.com/security-advisory-2014-01-csrf-issue-customer-web-interface

Share on: