DSA-4069-1 otrs2 -- otrs2
|ID: oval:org.secpod.oval:def:603218||Date: (C)2017-12-27 (M)2018-01-05|
|Class: PATCH||Family: unix|
Francesco Sirocco discovered a flaw in otrs2, the Open Ticket Request System, which could result in session information disclosure when cookie support is disabled. A remote attacker can take advantage of this flaw to take over an agent's session if the agent is tricked into clicking a link in a specially crafted mail.