
ZSA-2020-04

jQuery vulnerability

Problem

jQuery is a third-party JavaScript library that runs in the client's browser. OTRS Community Edition uses jQuery for all of its available frontends (agent, customer and public).

jQuery is vulnerable to "prototype pollution" in versions used by OTRS Community Edition prior to 6.0.26. For details see here: https://snyk.io/test/npm/jquery/3.2.1
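The following added example (not part of the advisory and not OTRS or jQuery source code) shows the class of bug named above: a recursive merge that follows a `__proto__` key writes into `Object.prototype`, while a merge that filters such keys does not. The names `naiveMerge`, `safeMerge` and `pollutesPrototype` are hypothetical, and the probe input is constructed.

```javascript
// Added illustration; all function names here are hypothetical.
// Vulnerable pattern: recursive merge with no key filtering.
function naiveMerge(target, source) {
  for (const key in source) {
    const val = source[key];
    if (val && typeof val === "object") {
      if (!target[key] || typeof target[key] !== "object") target[key] = {};
      naiveMerge(target[key], val); // target["__proto__"] is Object.prototype
    } else {
      target[key] = val;
    }
  }
  return target;
}

// Hardened pattern: own keys only, prototype-related keys skipped.
const BLOCKED_KEYS = new Set(["__proto__", "constructor", "prototype"]);
function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (BLOCKED_KEYS.has(key)) continue;
    const val = source[key];
    if (val && typeof val === "object" && !Array.isArray(val)) {
      const own = Object.prototype.hasOwnProperty.call(target, key);
      if (!own || target[key] === null || typeof target[key] !== "object") {
        target[key] = {};
      }
      safeMerge(target[key], val);
    } else {
      target[key] = val;
    }
  }
  return target;
}

// Self-cleaning check: does deepMerge(target, source) leak a property
// onto Object.prototype when the source carries a "__proto__" key?
function pollutesPrototype(deepMerge) {
  const marker = "probe_" + Date.now(); // constructed, unlikely to collide
  const input = JSON.parse('{"__proto__": {"' + marker + '": true}}');
  try {
    deepMerge({}, input);
    return ({})[marker] === true; // unrelated object sees the marker
  } finally {
    delete Object.prototype[marker]; // always remove the probe
  }
}
// In a browser console on a page that loads jQuery:
//   pollutesPrototype((t, s) => jQuery.extend(true, t, s))
```

A result of `false` for the jQuery call in the last comment indicates that the jQuery build loaded by that page filters the `__proto__` key during deep extend.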

Solution

Upgrade to the latest available OTRS patch level (https://ftp.otrs.org/pub/otrs/).

ATTENTION: Please check if you have any OTRS add-ons installed. If so, these might contain customized OTRS framework files which need to be updated first. Please contact us instead.

Workaround

There is no workaround. Please follow the instructions under "Solution" above.

References