mailing list archives
CVE Request: otrs: CSRF issue in customer web interface
From: Salvatore Bonaccorso <carnil () debian org>
Date: Wed, 29 Jan 2014 10:57:57 +0100
A CSRF issue in otrs was announced in . Is a CVE for this issue
From upstream announcement:
An attacker that managed to take over the session of a logged in
customer could create tickets and/or send follow-ups to existing
tickets due to missing challenge token checks.
Commits for various branches (3.1.x, 3.2.x and 3.3.x) are in , 
Bugreport at .
- CVE Request: otrs: CSRF issue in customer web interface Salvatore Bonaccorso (Jan 29)