Test ID: | 1.3.6.1.4.1.25623.1.0.853442 |
Category: | SuSE Local Security Checks |
Title: | openSUSE: Security Advisory for Recommended (openSUSE-SU-2020:1475-1) |
Summary: | The remote host is missing an update for the 'Recommended' package(s) announced via the openSUSE-SU-2020:1475-1 advisory. |
Description: | Summary: The remote host is missing an update for the 'Recommended' package(s) announced via the openSUSE-SU-2020:1475-1 advisory.

Vulnerability Insight: OTRS was updated to 5.0.42, fixing lots of bugs and security issues:

- CVE-2020-1773 boo#1168029 OSA-2020-10: Session / Password / Password token leak. An attacker with the ability to generate session IDs or password reset tokens, either by being able to authenticate or by exploiting OSA-2020-09, may be able to predict other users' session IDs, password reset tokens and automatically generated passwords.
- CVE-2020-1772 boo#1168029 OSA-2020-09: Information Disclosure. It's possible to craft Lost Password requests with wildcards in the Token value, which allows an attacker to retrieve valid Token(s) generated by users who have already requested new passwords.
- CVE-2020-1771 boo#1168030 OSA-2020-08: Possible XSS in Customer user address book. An attacker is able to craft an article with a link to the customer address book with malicious content (JavaScript). When an agent opens the link, the JavaScript code is executed due to the missing parameter encoding.
- CVE-2020-1770 boo#1168031 OSA-2020-07: Information disclosure in support bundle files. Support bundle generated files could contain sensitive information that might be unwanted to be disclosed.
- CVE-2020-1769 boo#1168032 OSA-2020-06: Autocomplete in the form login screens. In the login screens (in agent and customer interface), the Username and Password fields use autocomplete, which might be considered a security issue.
- bug#14912: Installer refers to non-existing documentation
- added code to upgrade OTRS from 4 to 5; READ UPGRADING.SUSE
  * steps 1 to 4 are done by rpm pkg
  * steps 5 to *END* need to be done manually because of DB backup

Update to 5.0.40:

- CVE-2020-1766 boo#1160663 OSA-2020-02: Improper handling of uploaded inline images. Due to improper handling of uploaded images it is possible, in very unlikely and rare conditions, to force the agent's browser to execute malicious JavaScript from a specially crafted SVG file rendered as an inline jpg file.
- CVE-2020-1765, OSA-2020-01: Spoofing of From field in several screens. An improper ...

Description truncated. Please see the references for more information.

Affected Software/OS: 'Recommended' package(s) on openSUSE Leap 15.2, openSUSE Leap 15.1.

Solution: Please install the updated package(s).

CVSS Score: 6.5
CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P |
Cross Reference: |
Common Vulnerability Exposure (CVE) ID: CVE-2019-9752
- https://community.otrs.com/security-advisory-2019-01-security-update-for-otrs-framework
- https://lists.debian.org/debian-lts-announce/2019/03/msg00023.html
- SuSE Security Announcement: openSUSE-SU-2020:0551 http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html
- SuSE Security Announcement: openSUSE-SU-2020:1475 http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html
- SuSE Security Announcement: openSUSE-SU-2020:1509 http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html

Common Vulnerability Exposure (CVE) ID: CVE-2019-9892
- https://lists.debian.org/debian-lts-announce/2019/05/msg00003.html

Common Vulnerability Exposure (CVE) ID: CVE-2020-1765
- https://lists.debian.org/debian-lts-announce/2020/01/msg00027.html

Common Vulnerability Exposure (CVE) ID: CVE-2020-1766

Common Vulnerability Exposure (CVE) ID: CVE-2020-1769
- https://otrs.com/release-notes/otrs-security-advisory-2020-06/

Common Vulnerability Exposure (CVE) ID: CVE-2020-1770
- https://otrs.com/release-notes/otrs-security-advisory-2020-07/
- https://lists.debian.org/debian-lts-announce/2020/05/msg00000.html

Common Vulnerability Exposure (CVE) ID: CVE-2020-1771
- https://otrs.com/release-notes/otrs-security-advisory-2020-08/

Common Vulnerability Exposure (CVE) ID: CVE-2020-1772
- https://otrs.com/release-notes/otrs-security-advisory-2020-09/

Common Vulnerability Exposure (CVE) ID: CVE-2020-1773
- https://otrs.com/release-notes/otrs-security-advisory-2020-10/ |
Copyright | Copyright (C) 2020 Greenbone Networks GmbH |