CVE-2020-1767

Published: Jan 10, 2020

Modified: Sep 16, 2024

PUBLISHED

CVSS v3.1

3.5

LOW

Description

Agent A is able to save a draft (i.e. for customer reply). Then Agent B can open the draft, change the text completely and send it in the name of Agent A. For the customer it will not be visible that the message was sent by another agent. This issue affects: ((OTRS)) Community Edition 6.0.x version 6.0.24 and prior versions. OTRS 7.0.x version 7.0.13 and prior versions.

Vendor	Product	Versions
OTRS AG	((OTRS)) Community Edition	affected `6.0.x version 6.0.24 and prior versions`
OTRS AG	OTRS	affected `7.0.x version 7.0.13 and prior versions`

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

None

References

https://otrs.com/release-notes/otrs-security-advisory-2020-03/

[debian-lts-announce] 20200129 [SECURITY] [DLA 2079-1] otrs2 security update

mailing-list

[debian-lts-announce] 20230831 [SECURITY] [DLA 3551-1] otrs2 security update

mailing-list

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2020-1767

Description

Affected Products

CVSS v3.1 Details

References