CVE-2018-7567

Source
https://nvd.nist.gov/vuln/detail/CVE-2018-7567
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-7567.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2018-7567
Related
Withdrawn
2018-03-07T15:57:01Z
Published
2018-03-04T20:29:00Z
Modified
2025-01-14T07:40:49.645836Z
Severity
  • 7.2 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

In the Admin Package Manager in Open Ticket Request System (OTRS) 5.0.0 through 5.0.24 and 6.0.0 through 6.0.1, authenticated admins are able to exploit a Blind Remote Code Execution vulnerability by loading a crafted opm file with an embedded CodeInstall element to execute a command on the server during package installation. NOTE: the vendor disputes this issue stating "the behaviour is as designed and needed for different packages to be installed", "there is a security warning if the package is not verified by OTRS Group", and "there is the possibility and responsibility of an admin to check packages before installation which is possible as they are not binary."

References

Affected packages

Debian:11 / otrs2

Package

Name
otrs2
Purl
pkg:deb/debian/otrs2?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.0.4p01-6
2.0.4p01-7
2.0.4p01-8
2.0.4p01-9
2.0.4p01-10
2.0.4p01-11
2.0.4p01-12
2.0.4p01-13
2.0.4p01-14
2.0.4p01-14.1
2.0.4p01-15
2.0.4p01-16
2.0.4p01-17
2.0.4p01-18
2.0.99beta1-1
2.0.99beta1-2
2.1.1-1
2.1.3-1
2.1.4-1
2.1.4-2
2.1.5-1
2.1.5-2
2.1.5-3
2.1.6-1
2.1.7-1
2.1.7-2
2.2.0~beta2-1
2.2.0~beta3-1
2.2.1-1
2.2.2-1
2.2.3-1
2.2.4-1
2.2.5-1
2.2.5-2
2.2.6-1
2.2.7-1
2.2.7-2
2.2.7-2lenny1
2.2.7-2lenny2
2.2.7-2lenny3
2.2.7-3
2.3.2-1
2.3.2-2
2.3.3-1
2.3.4-1
2.3.4-2
2.3.4-3
2.3.4-4
2.3.4-5
2.3.4-6
2.3.4-7
2.4.5-1
2.4.5-2
2.4.5-3
2.4.5-4
2.4.5-5
2.4.6-1
2.4.6-2
2.4.7-1
2.4.7-2
2.4.7-3
2.4.7-4
2.4.7-5
2.4.7-6
2.4.7+dfsg1-1
2.4.8+dfsg1-1
2.4.9+dfsg1-1
2.4.9+dfsg1-2
2.4.9+dfsg1-3
2.4.9+dfsg1-3+squeeze1
2.4.9+dfsg1-3+squeeze3
2.4.9+dfsg1-3+squeeze4
2.4.9+dfsg1-3+squeeze5
2.4.9+dfsg1-4
2.4.9+dfsg1-5
2.4.10+dfsg1-1
2.4.10+dfsg1-2
2.4.10+dfsg1-3

3.*

3.0.8+dfsg1-1
3.0.9+dfsg1-1
3.0.10+dfsg1-1
3.0.10+dfsg1-2
3.0.11+dfsg1-1
3.1.0~beta4+dfsg1-1
3.1.0~beta5+dfsg1-1
3.1.0~rc1+dfsg1-1
3.1.1+dfsg1-1
3.1.1+dfsg1-2
3.1.2+dfsg1-1
3.1.2+dfsg1-2
3.1.2+dfsg1-3
3.1.3+dfsg1-1
3.1.3+dfsg1-2
3.1.4+dfsg1-1
3.1.5+dfsg1-1
3.1.5+dfsg1-2
3.1.5+dfsg1-3
3.1.6+dfsg1-1
3.1.7+dfsg1-1
3.1.7+dfsg1-2
3.1.7+dfsg1-3
3.1.7+dfsg1-4
3.1.7+dfsg1-5
3.1.7+dfsg1-6
3.1.7+dfsg1-7
3.1.7+dfsg1-8
3.1.8+dfsg1-1
3.1.9+dfsg1-1
3.1.10+dfsg1-1
3.1.11+dfsg1-1
3.1.12+dfsg1-1
3.1.12+dfsg1-2
3.1.12+dfsg1-3
3.2.1+dfsg1-1
3.2.2+dfsg1-1
3.2.3+dfsg1-1
3.2.4-1
3.2.5-1
3.2.6-1
3.2.6-2
3.2.7-1
3.2.7-2
3.2.8-1
3.2.9-1
3.2.9-2
3.2.10-1
3.2.10-2
3.2.11-1~bpo70+1
3.2.11-1
3.2.12-1
3.3.1-1
3.3.2-1
3.3.3-1
3.3.3-2
3.3.3-3
3.3.4-1
3.3.5-1
3.3.6-1
3.3.7-1
3.3.7-2
3.3.8-1
3.3.9-1
3.3.9-2
3.3.9-3~bpo70+1
3.3.9-3
3.3.10-1
3.3.11-1
3.3.18-1~deb7u1
3.3.18-1~deb7u2
3.3.18-1~deb7u3

4.*

4.0.5-1
4.0.5-2
4.0.6-1
4.0.7-1
4.0.7-2
4.0.8-1
4.0.9-1
4.0.10-1
4.0.11-1
4.0.12-1
4.0.13-1~bpo8+1
4.0.13-1

5.*

5.0.1-1
5.0.1-2
5.0.2-1
5.0.3-1
5.0.5-1
5.0.6-1~bpo8+1
5.0.6-1
5.0.7-1
5.0.8-1~bpo8+1
5.0.8-1
5.0.8+dfsg1-1
5.0.9+dfsg1-1
5.0.9+repack1-1
5.0.10-1~bpo8+1
5.0.10-1
5.0.11-1
5.0.12-1
5.0.13-1~bpo8+1
5.0.13-1
5.0.13-2
5.0.14-1~bpo8+1
5.0.14-1
5.0.15-1
5.0.16-1~bpo8+1
5.0.16-1
5.0.17-1
5.0.18-1
5.0.19-1
5.0.20-1
5.0.21-1~bpo9+1
5.0.21-1
5.0.22-1
5.0.23-1~bpo9+1
5.0.23-1
5.0.24-1~bpo9+1
5.0.24-1

6.*

6.0.1-1
6.0.2-1
6.0.3-1
6.0.4-1
6.0.5-1
6.0.6-1
6.0.7-1
6.0.8-1~bpo9+1
6.0.8-1
6.0.9-1~bpo9+1
6.0.9-1
6.0.10-1
6.0.11-1~bpo9+1
6.0.11-1
6.0.12-1~bpo9+1
6.0.12-1
6.0.13-1
6.0.14-1
6.0.15-1
6.0.16-1
6.0.16-2
6.0.17-1
6.0.18-1
6.0.19-1
6.0.20-1~bpo10+1
6.0.20-1
6.0.21-1
6.0.22-1
6.0.23-1
6.0.23-2
6.0.24-1~bpo10+1
6.0.24-1
6.0.25-1
6.0.25-2
6.0.25-3~bpo10+1
6.0.25-3
6.0.26-1~bpo10+1
6.0.26-1
6.0.27-1~bpo10+1
6.0.27-1
6.0.28-1~bpo10+1
6.0.28-1
6.0.28-2
6.0.29-1~bpo10+1
6.0.29-1
6.0.30-1~bpo10+1
6.0.30-1
6.0.30-2
6.0.32-1
6.0.32-2~bpo10+1
6.0.32-2
6.0.32-4
6.0.32-5~bpo10+1
6.0.32-5
6.0.32-6
6.0.36-2~bpo11+1
6.0.36-2
6.1.2-1~bpo11+1
6.1.2-1
6.2.1-1
6.2.2-1
6.2.2-2
6.3.1-1
6.3.2-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Git / github.com/otrs/otrs

Affected ranges

Type
GIT
Repo
https://github.com/otrs/otrs
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Last affected

Affected versions

Other

rel-1_0_0-RC1
rel-1_0_0-RC2
rel-1_0_0-RC3
rel-1_0_0_rc1
rel-1_0_0_rc2
rel-1_0_0_rc3
rel-1_1_0-RC1
rel-1_1_0-RC2
rel-1_1_0_rc1
rel-1_1_0_rc2
rel-1_2_0-b1
rel-1_2_0-b2
rel-1_2_0-b3
rel-1_2_0_beta1
rel-1_2_0_beta2
rel-1_2_0_beta3
rel-1_2_1
rel-2_0_0-b1
rel-2_0_0_beta1
rel-2_0_1
rel-2_0_2
rel-2_0_3
rel-2_1_0-b1
rel-2_1_0-b2
rel-2_1_0_beta1
rel-2_1_0_beta2
rel-2_1_1
rel-2_1_2
rel-2_1_3
rel-2_2_0-b1
rel-2_2_0-b2
rel-2_2_0-b3
rel-2_2_0-b4
rel-2_2_0_beta1
rel-2_2_0_beta2
rel-2_2_0_beta3
rel-2_2_0_beta4
rel-2_2_1
rel-2_2_2
rel-2_3_1
rel-2_3_2
rel-2_4_0-b2
rel-2_4_0-b3
rel-2_4_0-b4
rel-2_4_0-b6
rel-2_4_0_beta2
rel-2_4_0_beta3
rel-2_4_0_beta4
rel-2_4_0_beta6
rel-2_4_1
rel-2_4_2
rel-2_4_3
rel-2_4_4
rel-3_0_0-b2
rel-3_0_0-b3
rel-3_0_0-b4
rel-3_0_0-b5
rel-3_0_0-b7
rel-3_0_0_beta2
rel-3_0_0_beta3
rel-3_0_0_beta4
rel-3_0_0_beta5
rel-3_0_0_beta7
rel-3_0_1
rel-3_0_2
rel-3_0_3
rel-3_0_4
rel-3_1_0-b1
rel-3_1_0-b3
rel-3_1_0-b4
rel-3_1_0-b5
rel-3_1_0-rc1
rel-3_1_0_beta1
rel-3_1_0_beta3
rel-3_1_0_beta4
rel-3_1_0_beta5
rel-3_1_0_rc1
rel-3_1_2
rel-3_1_4
rel-3_2_0_beta1
rel-3_2_0_beta2
rel-3_2_0_beta3
rel-3_2_0_beta4
rel-3_2_0_beta5
rel-3_2_0_rc1
rel-3_2_1
rel-3_2_2
rel-3_2_3
rel-3_2_4
rel-3_3_0_beta1
rel-3_3_0_beta2
rel-3_3_0_beta3
rel-3_3_0_beta4
rel-3_3_0_beta5
rel-3_3_0_rc1
rel-3_3_1
rel-4_0_0_beta1
rel-4_0_0_beta2
rel-4_0_0_beta3
rel-4_0_0_beta4
rel-4_0_0_beta5
rel-4_0_0_rc1
rel-5_0_0_alpha1
rel-5_0_0_beta1
rel-5_0_0_beta2
rel-5_0_0_beta3
rel-5_0_0_beta4
rel-5_0_0_beta5
rel-5_0_0_rc1
rel-5_0_1
rel-5_0_10
rel-5_0_11
rel-5_0_12
rel-5_0_13
rel-5_0_14
rel-5_0_15
rel-5_0_16
rel-5_0_17
rel-5_0_18
rel-5_0_19
rel-5_0_2
rel-5_0_20
rel-5_0_21
rel-5_0_22
rel-5_0_23
rel-5_0_3
rel-5_0_4
rel-5_0_5
rel-5_0_6
rel-5_0_7
rel-5_0_8
rel-5_0_9