Main Vulnerability Database SB2020011018

SB2020011018 - Input validation error in OTRS

Published: January 10, 2020 Updated: April 1, 2021

Security Bulletin ID SB2020011018

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Input validation error (CVE-ID: CVE-2020-1767)

The vulnerability allows a remote authenticated user to manipulate data.

Agent A is able to save a draft (i.e. for customer reply). Then Agent B can open the draft, change the text completely and send it in the name of Agent A. For the customer it will not be visible that the message was sent by another agent. This issue affects: ((OTRS)) Community Edition 6.0.x version 6.0.24 and prior versions. OTRS 7.0.x version 7.0.13 and prior versions.

Remediation

Install update from vendor's website.

References

https://lists.debian.org/debian-lts-announce/2020/01/msg00027.html
https://otrs.com/release-notes/otrs-security-advisory-2020-03/