PT-2018-18161 · Otrs+2

Published 2018-03-04 · Updated 2024-08-05 · CVE-2018-7567

CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Open Ticket Request System (OTRS) versions 5.0.0 through 5.0.24
Open Ticket Request System (OTRS) versions 6.0.0 through 6.0.1
Description
An attacker who is logged into OTRS with admin rights can exploit a blind remote code execution vulnerability by uploading a crafted .opm package file whose embedded CodeInstall element contains Perl that the package manager executes on the server during installation; the command output is not returned to the attacker, hence "blind". The same lifecycle hooks exist as CodeReinstall, CodeUpgrade and CodeUninstall elements, which run at the corresponding stages. The vendor disputes the issue: executing package code hooks is by design and is needed for many packages to install, a security warning is shown when a package is not verified by OTRS Group, and admins have the possibility and the responsibility to inspect packages before installing them, which is feasible because .opm files are plain XML rather than binary. The practical consequence for a defender is that any OTRS admin account, including a compromised one, is equivalent to code execution as the OTRS system user; the CVSS vector (Au:S) reflects that a single authenticated privileged account is all that is required.
Recommendations
The same guidance applies to both affected ranges (5.0.0 through 5.0.24 and 6.0.0 through 6.0.1). Because the vendor regards the behavior as intended, do not wait for a fix that removes the code hooks; treat package installation as a code-deployment privilege instead. Keep the admin group as small as possible, protect those accounts with strong authentication, and log package installations. Install only packages verified by OTRS Group and do not dismiss the "not verified" warning for anything else. Before installing any third-party or locally built package, open the .opm file (it is plain XML) and read every CodeInstall, CodeReinstall, CodeUpgrade and CodeUninstall element, since each is Perl that runs on the server. If package installation is not needed in day-to-day operation, disable or restrict access to the admin package manager until it is. Stripping CodeInstall elements out of an .opm before installing it is not a general workaround: many legitimate packages rely on those hooks and will not install correctly without them.
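The pre-install inspection the vendor expects of admins can be scripted. The audit below is an added example, not OTRS code or part of this advisory: it parses an .opm file, lists every Code* lifecycle hook, and flags hooks that shell out or string-eval. It assumes the .opm layout used by the OTRS package manager (an <otrs_package> root with CodeInstall, CodeReinstall, CodeUpgrade and CodeUninstall children); the regexes, the package name HelpfulAddon and both sample packages are constructed for the example.

```python
"""Pre-install audit of an OTRS .opm package file.

Added example, not OTRS code. It assumes the .opm layout used by the OTRS
package manager: an <otrs_package> root whose CodeInstall, CodeReinstall,
CodeUpgrade and CodeUninstall children hold Perl that runs on the server
at that lifecycle stage. The shell-call regexes are heuristics of my own.
"""
import re
import xml.etree.ElementTree as ET

# Lifecycle hook elements whose body is Perl executed by the package manager.
CODE_ELEMENTS = ("CodeInstall", "CodeReinstall", "CodeUpgrade", "CodeUninstall")

# Heuristic patterns for Perl that leaves the interpreter for a shell or
# evaluates a string as code. A hit means "reject"; a miss does not mean the
# hook is safe, since every hook is arbitrary Perl and must still be read.
SHELL_PATTERNS = {
    "system()": re.compile(r"\bsystem\s*\("),
    "exec()": re.compile(r"\bexec\s*\("),
    "backticks": re.compile(r"`[^`]+`"),
    "qx//": re.compile(r"\bqx\s*[{(/\[|]"),
    "piped open()": re.compile(r"\bopen\s*\([^)]*\|"),
    "string eval": re.compile(r"\beval\s*[\"'$]"),
}


def _root(opm_xml):
    data = opm_xml.encode("utf-8") if isinstance(opm_xml, str) else opm_xml
    root = ET.fromstring(data)
    if root.tag != "otrs_package":
        raise ValueError("not an OTRS package: root element is <%s>" % root.tag)
    return root


def find_code_hooks(opm_xml):
    """Return every Code* hook as {element, type, code}; type is 'pre' or 'post'."""
    return [
        {"element": el.tag, "type": el.get("Type", ""), "code": (el.text or "").strip()}
        for el in _root(opm_xml)
        if el.tag in CODE_ELEMENTS
    ]


def flag_shell_calls(perl_code):
    """Names of SHELL_PATTERNS that match the given Perl snippet."""
    return [name for name, pat in SHELL_PATTERNS.items() if pat.search(perl_code)]


def audit_opm(opm_xml):
    """Summarise what installing this package would execute on the server."""
    root = _root(opm_xml)
    hooks = find_code_hooks(opm_xml)
    findings = [
        "%s (%s): %s" % (h["element"], h["type"], flag)
        for h in hooks
        for flag in flag_shell_calls(h["code"])
    ]
    return {
        "name": (root.findtext("Name") or "").strip(),
        "version": (root.findtext("Version") or "").strip(),
        "hooks": hooks,
        "findings": findings,
        "install_runs_code": bool(hooks),  # true for many legitimate packages too
    }


# Constructed sample: a package whose post-install hook shells out. The File
# entry is a placeholder; the command only writes a marker file.
CRAFTED_OPM = """<?xml version="1.0" encoding="utf-8"?>
<otrs_package version="1.0">
  <Name>HelpfulAddon</Name>
  <Version>1.0.0</Version>
  <Framework>6.0.x</Framework>
  <Vendor>Example Vendor</Vendor>
  <URL>http://example.invalid/</URL>
  <License>GPL</License>
  <Description Lang="en">Constructed example, not a real package.</Description>
  <Filelist>
    <File Permission="644" Location="Kernel/Config/Files/ZZZHelpfulAddon.xml" Encode="Base64">PG90cnNfY29uZmlnLz4=</File>
  </Filelist>
  <CodeInstall Type="post"><![CDATA[
    # reads like housekeeping, but runs as the OTRS web user during install
    system("id > /tmp/opm_marker");
  ]]></CodeInstall>
</otrs_package>
"""

# Constructed sample of the conventional hook shape: it only delegates to the
# package's own setup module, so the regexes stay quiet, yet it is still code
# the admin has to read before installing.
BENIGN_OPM = CRAFTED_OPM.replace(
    'system("id > /tmp/opm_marker");',
    "$Kernel::OM->Get('var::packagesetup::HelpfulAddon')->CodeInstall();",
)


if __name__ == "__main__":
    for label, pkg in (("crafted", CRAFTED_OPM), ("benign", BENIGN_OPM)):
        report = audit_opm(pkg)
        print(label, report["name"], report["version"], report["findings"])
```

Run it against a downloaded .opm before clicking Install: an empty `findings` list with `install_runs_code` true is the normal case for a legitimate package and means the hook bodies still have to be read by a person; a non-empty `findings` list is a package to reject outright.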

Tags: Exploit, Fix, RCE, Unrestricted File Upload

Weakness Enumeration

Related Identifiers
ALT-PU-2019-3068
ALT-PU-2019-3183
CVE-2018-7567

Affected Products
Alt Linux
Debian
Otrs