Vulnerability Description
Agent A is able to save a draft (i.e. for customer reply). Then Agent B can open the draft, change the text completely and send it in the name of Agent A. For the customer it will not be visible that the message was sent by another agent. This issue affects: ((OTRS)) Community Edition 6.0.x version 6.0.24 and prior versions. OTRS 7.0.x version 7.0.13 and prior versions.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Otrs | Otrs | >= 6.0.0, <= 6.0.24 |
| Debian | Debian Linux | 8.0 |
References
- https://lists.debian.org/debian-lts-announce/2020/01/msg00027.htmlMailing ListThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html
- https://otrs.com/release-notes/otrs-security-advisory-2020-03/Release NotesVendor Advisory
- https://lists.debian.org/debian-lts-announce/2020/01/msg00027.htmlMailing ListThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html
- https://otrs.com/release-notes/otrs-security-advisory-2020-03/Release NotesVendor Advisory
FAQ
What is CVE-2020-1767?
CVE-2020-1767 is a vulnerability with a CVSS score of 3.5 (LOW). Agent A is able to save a draft (i.e. for customer reply). Then Agent B can open the draft, change the text completely and send it in the name of Agent A. For the customer it will not be visible that ...
How severe is CVE-2020-1767?
CVE-2020-1767 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-1767?
Check the references section above for vendor advisories and patch information. Affected products include: Otrs Otrs, Debian Debian Linux.