CVE-2020-1767

CVSS v3.1

4.3

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions OTRS Community Edition versions 6.0.24 and prior versions OTRS versions 7.0.13 and prior versions

Description The issue allows one agent to send a message in the name of another agent, without the customer being aware of the change. This is possible because an agent can open a draft saved by another agent, modify the text, and send it under the original agent's name.

Recommendations For OTRS Community Edition versions 6.0.24 and prior versions, update to a version newer than 6.0.24 to resolve the issue. For OTRS versions 7.0.13 and prior versions, update to a version newer than 7.0.13 to resolve the issue.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

ALT-PU-2020-2649

ALT-PU-2020-2748

CVE-2020-1767

DLA-2079-1

DLA-3551-1

Affected Products

Alt Linux

Otrs

Otrs Community Edition

CVE-2020-1767

Related Identifiers

Affected Products

References · 12