Control: retitle -1 otrs2: CVE-2017-17476: OSA-2017-10: Session hijacking

Hi

On Tue, Dec 19, 2017 at 09:20:57PM +0100, Salvatore Bonaccorso wrote:
> Source: otrs2
> Version: 3.3.9-3
> Severity: grave
> Tags: patch security upstream
>
> Hi
>
> From
> https://www.otrs.com/security-advisory-2017-10-security-update-otrs-framework/
>
> > An attacker can send a specially prepared email to an OTRS system. If
> > this system has cookie support disabled, and a logged in agent clicks a
> > link in this email, the session information could be leaked to external
> > systems, allowing the attacker to take over the agent’s session.

Ok, MITRE confirmed there is already a CVE for this one: CVE-2017-17476.

Regards,
Salvatore