Upgrade OTRS to 5.0.26
Closed, ResolvedPublic
Actions

Assigned To

Authored By

	akosiaris
	Dec 19 2017, 10:30 AM

Description

From https://www.otrs.com/security-advisory-2017-10-security-update-otrs-framework/, released today:

An attacker can send a specially prepared email to an OTRS system. If this system has cookie support disabled, and a logged in agent clicks a link in this email, the session information could be leaked to external systems, allowing the attacker to take over the agent’s session.

Let's upgrade to 5.0.26 which has been released already.

Event Timeline

akosiaris created this task.Dec 19 2017, 10:30 AM

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptDec 19 2017, 10:30 AM

Upgrade to 5.0.26 done. Resolving.

• chasemp added a project: Security.Feb 10 2020, 10:52 PM

Restricted Application added a subscriber: Krd. · View Herald TranscriptFeb 10 2020, 10:52 PM

• chasemp removed a project: acl*security.Feb 20 2020, 8:13 PM

Upgrade OTRS to 5.0.26Closed, ResolvedPublicActions

Description

Event Timeline

Upgrade OTRS to 5.0.26
Closed, ResolvedPublic
Actions