Main Vulnerability Database Vulnerabilities #VU51871

#VU51871 Insufficient Session Expiration in OTRS - CVE-2020-1776

Published: July 20, 2020 / Updated: April 1, 2021

Vulnerability identifier: #VU51871

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2020-1776

CWE-ID: CWE-613

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
OTRS

Software vendor:
otrs.org

Description

The vulnerability allows a remote authenticated user to gain access to sensitive information.

When an agent user is renamed or set to invalid the session belonging to the user is keept active. The session can not be used to access ticket data in the case the agent is invalid. This issue affects ((OTRS)) Community Edition: 6.0.28 and prior versions. OTRS: 7.0.18 and prior versions, 8.0.4. and prior versions.

Remediation

Install update from vendor's website.

External links

https://otrs.com/release-notes/otrs-security-advisory-2020-13/

#VU51871 Insufficient Session Expiration in OTRS - CVE-2020-1776

Description

Remediation

External links

Please verify you're human