Debian Linux Security Advisory 3876-1 - Joerg-Thomas Vogt discovered that SecureMode was insufficiently validated in the OTRS ticket system, which could allow agents to escalate their privileges.
3a6ffdf219b6f3284de6dbaa2d64b2c5e30693101286de7f1987cbef8b17bc93
Due to insufficient checking of privileges, it is possible to access the OTRS Install dialog of an already installed instance, which enables an authenticated attacker to change the database settings, superuser password, mail server settings, log file location and other parameters. Versions affected include OTRS 5.0.x, OTRS 4.0.x, and OTRS 3.3.x.
21f3598970b7ae6cfb31cada4cccc9ed918166bc63d7eb4d159c64b23c2c0334