SB2019061713 - Input validation error in Debian Linux

Description

This security bulletin contains information about 1 vulnerability.

1) Input validation error (CVE-ID: CVE-2019-12248)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a remote non-authenticated attacker to manipulate data.

An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.7, Community Edition 6.0.x through 6.0.19, and Community Edition 5.0.x through 5.0.36. An attacker could send a malicious email to an OTRS system. If a logged-in agent user quotes it, the email could cause the browser to load external image resources.

Remediation

Install update from vendor's website.

References

• http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html
• https://lists.debian.org/debian-lts-announce/2019/06/msg00004.html
• https://www.otrs.com/category/release-and-security-notes-en/