CVE-2020-1776

Summary

CVE	CVE-2020-1776
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2020-07-20 21:15:00 UTC
Updated	2023-08-31 03:15:00 UTC
Description	When an agent user is renamed or set to invalid the session belonging to the user is keept active. The session can not be used to access ticket data in the case the agent is invalid. This issue affects ((OTRS)) Community Edition: 6.0.28 and prior versions. OTRS: 7.0.18 and prior versions, 8.0.4. and prior versions.

Risk And Classification

Problem Types: CWE-613

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Otrs	Otrs	All	All	All	All
Application	Otrs	Otrs	All	All	All	All
Application	Otrs	Otrs	All	All	All	All
Application	Otrs	Otrs	All	All	All	All

References

Reference	Source	Link	Tags
OTRS Security Advisory 2020-13 \| OTRS	CONFIRM	otrs.com	Patch, Vendor Advisory
[SECURITY] [DLA 3551-1] otrs2 security update	MLIST	lists.debian.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

Vendor Comments And Credit

Discovery Credit

LEGACY: Marvin Voormann

Legacy QID Mappings

180654 Debian Security Update for otrs2 (CVE-2020-1776)
6000085 Debian Security Update for otrs2 (DLA 3551-1)