http://bugzilla.opensuse.org/show_bug.cgi?id=1168029

Bug ID: 1168029
Summary: VUL-0: CVE-2020-1772: otrs: Lost Password requests with wildcard values could allow attacker to retrieve valid Token
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 15.2
Hardware: Other
URL: https://smash.suse.de/issue/256040/
OS: Other
Status: NEW
Severity: Minor
Priority: P5 - None
Component: Basesystem
Assignee: chris@computersalat.de
Reporter: abergmann@suse.com
QA Contact: security-team@suse.de
Found By: Security Response Team
Blocker: ---

CVE-2020-1772

It's possible to craft Lost Password requests with wildcards in the Token value, which allows attacker to retrieve valid Token(s), generated by users which already requested new passwords.

This issue affects:
((OTRS)) Community Edition 5.0.41 and prior versions, 6.0.26 and prior versions.
OTRS: 7.0.15 and prior versions.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1772
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1772
https://otrs.com/release-notes/otrs-security-advisory-2020-09/