Back to search
CVE-2014-1694
Published: Feb 4, 2014
Modified: Aug 6, 2024
PUBLISHED
Description
Multiple cross-site request forgery (CSRF) vulnerabilities in (1) CustomerPreferences.pm, (2) CustomerTicketMessage.pm, (3) CustomerTicketProcess.pm, and (4) CustomerTicketZoom.pm in Kernel/Modules/ in Open Ticket Request System (OTRS) 3.1.x before 3.1.19, 3.2.x before 3.2.14, and 3.3.x before 3.3.4 allow remote attackers to hijack the authentication of arbitrary users for requests that (5) create tickets or (6) send follow-ups to existing tickets.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
102632
vdb-entry
x_refsource_OSVDB
https://github.com/OTRS/otrs/commit/6f324aaf8647729d509eebf063a0181f9f9196f7
x_refsource_CONFIRM
[oss-security] 20140129 Re: CVE Request: otrs: CSRF issue in customer web interface
mailing-list
x_refsource_MLIST
https://www.otrs.com/release-notes-otrs-help-desk-3-3-4
x_refsource_CONFIRM
https://github.com/OTRS/otrs/commit/92f417277f43832f1a0462f2485fe1fd3fd52312
x_refsource_CONFIRM
56655
third-party-advisory
x_refsource_SECUNIA
[oss-security] 20140129 CVE Request: otrs: CSRF issue in customer web interface
mailing-list
x_refsource_MLIST
https://github.com/OTRS/otrs/commit/ca2c3390fd60d9a3f810ed2c22cbc2c193457b77
x_refsource_CONFIRM
56644
third-party-advisory
x_refsource_SECUNIA
DSA-2867
vendor-advisory
x_refsource_DEBIAN
http://bugs.otrs.org/show_bug.cgi?id=10099
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now