Patched version
unknown
unknown
CVE-2022-0475 describes a Cross-Site Scripting (XSS) vulnerability discovered in OTRS. An attacker, specifically a malicious translator, can inject JavaScript code into translatable strings where HTML is permitted. This injected code could then be executed within the Package manager, potentially leading to unauthorized actions or data theft. This vulnerability impacts OTRS versions 7.0.x prior to 7.0.32 and 8.0.x prior to 8.0.19. A patch is available to resolve this issue.
The primary impact of CVE-2022-0475 is the potential for arbitrary JavaScript execution within the OTRS Package manager. A successful exploit could allow an attacker to steal sensitive data, modify system configurations, or even gain control of the OTRS instance. Given that OTRS is often used for customer service and support, this could expose customer data, internal communications, and other confidential information. The ability to execute code within the Package manager significantly expands the attack surface, potentially allowing for persistent backdoors or further exploitation of the system. While the CVSS score is LOW, the potential for data compromise and system manipulation warrants immediate attention.
CVE-2022-0475 was publicly disclosed on March 21, 2022. No known active exploitation campaigns have been reported at the time of writing. There are currently no public proof-of-concept exploits available. The vulnerability has not been added to the CISA KEV catalog. The LOW CVSS score suggests a relatively low probability of exploitation, but proactive mitigation is still recommended.
Organizations using OTRS for customer service and support are at risk, particularly those relying on translator functionality for multilingual support. Legacy OTRS deployments running versions 7.0.x prior to 7.0.32 and 8.0.x prior to 8.0.19 are especially vulnerable. Shared hosting environments where multiple OTRS instances share resources could also be affected if one instance is compromised.
• otrs: Examine OTRS logs for unusual JavaScript execution patterns within the Package manager. Look for POST requests containing suspicious HTML or JavaScript code.
grep -i 'javascript' /var/log/otrs/log.txt
• generic web: Monitor access logs for requests containing HTML or JavaScript code in translatable string fields. Use a WAF to detect and block suspicious requests. Note that access logs normally record only the request line and query string, so markup submitted in a POST body is only visible in a request-body log or at the WAF.
grep -i '<script' /var/log/apache2/access.log
• generic web: Check response headers for signs of XSS, such as the presence of the X-XSS-Protection header (if not enabled, enable it). Current browsers ignore X-XSS-Protection; a Content-Security-Policy header is the control that actually restricts script execution today.
curl -I https://your-otrs-instance.com | grep X-XSS-Protection
Exploitation status
EPSS: 0.31% (54th percentile)
CVSS vector:
The primary mitigation for CVE-2022-0475 is to upgrade to a patched version of OTRS. OTRS AG has released updates to address this vulnerability. If upgrading immediately is not feasible, consider implementing temporary workarounds. Review and restrict the ability for translators to inject HTML into translatable strings. Implement strict input validation and output encoding to sanitize user-supplied data. Consider using a Web Application Firewall (WAF) to filter out malicious JavaScript payloads. After upgrading, confirm the fix by attempting to inject a simple JavaScript payload into a translatable string and verifying that it is not executed.
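The detection commands above only grep for literal strings, and the mitigation paragraph asks for validation of translatable strings where some HTML is permitted. The following is an added example (not OTRS code, and not taken from the advisory) showing both halves in one place: an allowlist sanitizer for translation strings that keeps a small set of harmless tags, strips script elements, event-handler attributes and unsafe URL schemes, and reports what it removed, plus a log-review helper that URL-decodes request lines before matching so encoded markup is not missed. The permitted tag set, the log lines and the request paths are constructed assumptions.

```python
"""Defensive helpers for translatable strings that may contain limited HTML.

Added example for this advisory; it is not OTRS code and the permitted
tag/attribute set below is an assumption chosen for illustration.
"""
import html
import re
from html.parser import HTMLParser
from urllib.parse import unquote_plus

# Assumed allowlist: the markup a translation is permitted to carry.
ALLOWED_TAGS = {"b", "i", "em", "strong", "br", "a"}
ALLOWED_ATTRS = {"a": {"href"}}
# Only these URL shapes survive in href; javascript:, data:, vbscript: and
# protocol-relative //host links are all dropped.
SAFE_URL = re.compile(r"^(?:https?:|mailto:|/(?!/))", re.IGNORECASE)


class _Sanitizer(HTMLParser):
    """Rebuilds the input keeping only allowlisted markup and records what was removed."""

    def __init__(self):
        # convert_charrefs=True: entities in attribute values are decoded before we check them
        super().__init__(convert_charrefs=True)
        self.out = []
        self.findings = []
        self._skip = 0  # >0 while inside <script>/<style>, whose text content is discarded

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self.findings.append(f"<{tag}> element")
            self._skip += 1
            return
        if self._skip:
            return
        if tag not in ALLOWED_TAGS:
            self.findings.append(f"disallowed tag <{tag}>")
            return  # tag dropped; its text content is still kept, escaped
        kept = []
        for name, value in attrs:  # HTMLParser lower-cases attribute names
            value = value or ""
            if name.startswith("on"):
                self.findings.append(f"event handler {name} on <{tag}>")
            elif name not in ALLOWED_ATTRS.get(tag, set()):
                self.findings.append(f"disallowed attribute {name} on <{tag}>")
            elif name == "href" and not SAFE_URL.match(value.strip()):
                self.findings.append(f"unsafe URL in href: {value[:40]!r}")
            else:
                kept.append(f' {name}="{html.escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag in ("script", "style"):
            self._skip = max(0, self._skip - 1)
        elif not self._skip and tag in ALLOWED_TAGS and tag != "br":
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self._skip:
            self.out.append(html.escape(data, quote=False))


def sanitize(translation):
    """Return (clean_html, findings) for one translatable string."""
    parser = _Sanitizer()
    parser.feed(translation)
    parser.close()
    return "".join(parser.out), parser.findings


# Log-review heuristic: decode URL encoding first so %3Cscript%3E is seen as
# <script>. Access logs carry the query string only; POST bodies need a
# request-body log or a WAF to be inspected.
SUSPICIOUS = re.compile(r"<script|javascript:|\bon\w+\s*=", re.IGNORECASE)


def flag_log_lines(lines):
    """Return the log lines whose decoded request contains markup that never belongs in a translation."""
    return [line for line in lines if SUSPICIOUS.search(unquote_plus(line))]


# Constructed sample access-log lines (not real traffic); paths and parameters are placeholders.
SAMPLE_LOG = [
    '10.0.0.5 - - [21/Mar/2022:10:00:00 +0000] "GET /otrs/index.pl?Action=PLACEHOLDER HTTP/1.1" 200 512',
    '10.0.0.9 - - [21/Mar/2022:10:01:00 +0000] "GET /otrs/index.pl?Text=%3Cscript%3Ealert%281%29%3C%2Fscript%3E HTTP/1.1" 200 1024',
    '10.0.0.9 - - [21/Mar/2022:10:02:00 +0000] "GET /otrs/index.pl?Link=javascript%3Aalert%281%29 HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    clean, findings = sanitize('<b>Ticket</b> <a href="javascript:alert(1)" onclick="x()">open</a>')
    print(clean, findings)
    for hit in flag_log_lines(SAMPLE_LOG):
        print("suspicious:", hit)
```

The sanitizer is written as an allowlist rather than a blocklist on purpose: anything not explicitly permitted is removed, so encoded or obfuscated variants of a dangerous scheme or attribute fail the check by default instead of needing their own rule. The `findings` list is what a reviewer or an alerting rule would consume when a translator submits a string that had to be altered.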
Upgrade OTRS to a version later than 7.0.32 or 8.0.19, as applicable, to fix the XSS vulnerability. Consult the OTRS security advisory for further details and specific upgrade instructions.
CVE-2022-0475 is a Cross-Site Scripting (XSS) vulnerability affecting OTRS versions 7.0.x prior to 7.0.32 and 8.0.x prior to 8.0.19. It allows malicious translators to inject JavaScript code.
You are affected if you are running OTRS versions 7.0.x prior to 7.0.32 or 8.0.x prior to 8.0.19.
Upgrade to a patched version of OTRS. Check the official OTRS advisory for the latest available fix.
No active exploitation campaigns have been reported at this time, but proactive mitigation is still recommended.
Refer to the official OTRS security advisory for detailed information and patch instructions: https://otrs.com/security-advisories/