Bug ID 1174830
Summary VUL-1: CVE-2020-1776: otrs: Invalidating or changing user does not invalidate session
Classification openSUSE
Product openSUSE Distribution
Version Leap 15.1
Hardware Other
URL https://smash.suse.de/issue/264018/
OS Other
Status NEW
Severity Normal
Priority P5 - None
Component Security
Assignee chris@computersalat.de
Reporter atoptsoglou@suse.com
QA Contact security-team@suse.de
Found By Security Response Team
Blocker ---

CVE-2020-1776

When an agent user is renamed or set to invalid, the session belonging to the
user is kept active. The session cannot be used to access ticket data in the
case the agent is invalid. This issue affects ((OTRS)) Community Edition:
6.0.28 and prior versions. OTRS: 7.0.18 and prior versions, 8.0.4 and prior
versions.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1776
http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-1776.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1776
https://otrs.com/release-notes/otrs-security-advisory-2020-13/

