CVE-2020-1767
Summary
| CVE | CVE-2020-1767 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-01-10 15:15:00 UTC |
| Updated | 2023-08-31 03:15:00 UTC |
| Description | Agent A is able to save a draft (i.e. for customer reply). Then Agent B can open the draft, change the text completely and send it in the name of Agent A. For the customer it will not be visible that the message was sent by another agent. This issue affects: ((OTRS)) Community Edition 6.0.x version 6.0.24 and prior versions. OTRS 7.0.x version 7.0.13 and prior versions. |
Risk And Classification
Problem Types: NVD-CWE-Other
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| OTRS Security Advisory 2020-03 | OTRS | CONFIRM | otrs.com | Release Notes, Vendor Advisory |
| [SECURITY] [DLA 2079-1] otrs2 security update | MLIST | lists.debian.org | |
| [SECURITY] [DLA 3551-1] otrs2 security update | MLIST | lists.debian.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 6000085 Debian Security Update for otrs2 (DLA 3551-1)