CVE-2020-1767 - OpenCVE

Agent A is able to save a draft (i.e. for customer reply). Then Agent B can open the draft, change the text completely and send it in the name of Agent A. For the customer it will not be visible that the message was sent by another agent. This issue affects: ((OTRS)) Community Edition 6.0.x version 6.0.24 and prior versions. OTRS 7.0.x version 7.0.13 and prior versions.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:S/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Debian	Debian Linux
Otrs	Otrs

Configuration 1 [-]

OR	cpe:2.3:a:otrs:otrs:::::community:::*
	cpe:2.3:a:otrs:otrs::::::::

Configuration 2 [-]

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://lists.debian.org/debian-lts-announce/2020/01/msg00027.html
https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html
https://otrs.com/release-notes/otrs-security-advisory-2020-03/

History

No history.

MITRE

Status: PUBLISHED

Assigner: OTRS

Published: 2020-01-10T15:09:00.608111Z

Updated: 2024-09-16T16:33:51.552Z

Reserved: 2019-11-29T00:00:00

Link: CVE-2020-1767

Vulnrichment

No data.

NVD

Status : Modified

Published: 2020-01-10T15:15:12.160

Modified: 2023-08-31T03:15:10.847

Link: CVE-2020-1767

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2020-1767", "assignerOrgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8", "assignerShortName": "OTRS", "dateUpdated": "2024-09-16T16:33:51.552Z", "dateReserved": "2019-11-29T00:00:00", "datePublished": "2020-01-10T15:09:00.608111Z"}, "containers": {"cna": {"title": "Possible to send drafted messages as wrong agent", "datePublic": "2020-01-10T00:00:00", "providerMetadata": {"orgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8", "shortName": "OTRS", "dateUpdated": "2023-08-31T02:07:04.665672"}, "descriptions": [{"lang": "en", "value": "Agent A is able to save a draft (i.e. for customer reply). Then Agent B can open the draft, change the text completely and send it in the name of Agent A. For the customer it will not be visible that the message was sent by another agent. This issue affects: ((OTRS)) Community Edition 6.0.x version 6.0.24 and prior versions. OTRS 7.0.x version 7.0.13 and prior versions."}], "affected": [{"vendor": "OTRS AG", "product": "((OTRS)) Community Edition", "versions": [{"version": "6.0.x version 6.0.24 and prior versions", "status": "affected"}]}, {"vendor": "OTRS AG", "product": "OTRS", "versions": [{"version": "7.0.x version 7.0.13 and prior versions", "status": "affected"}]}], "references": [{"url": "https://otrs.com/release-notes/otrs-security-advisory-2020-03/"}, {"name": "[debian-lts-announce] 20200129 [SECURITY] [DLA 2079-1] otrs2 security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00027.html"}, {"name": "[debian-lts-announce] 20230831 [SECURITY] [DLA 3551-1] otrs2 security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW"}}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "Sender spoofing"}]}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "source": {"advisory": "OSA-2020-03", "defect": ["2019121042000738"], "discovery": "USER"}, "solutions": [{"lang": "en", "value": "Upgrade to OTRS 7.0.14, ((OTRS)) Community Edition 6.0.25"}, {"lang": "en", "value": "Patch for ((OTRS)) Community Edition 6: https://github.com/OTRS/otrs/commit/5f488fd6c809064ee49def3a432030258d211570"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T06:46:30.861Z"}, "title": "CVE Program Container", "references": [{"url": "https://otrs.com/release-notes/otrs-security-advisory-2020-03/", "tags": ["x_transferred"]}, {"name": "[debian-lts-announce] 20200129 [SECURITY] [DLA 2079-1] otrs2 security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00027.html"}, {"name": "[debian-lts-announce] 20230831 [SECURITY] [DLA 3551-1] otrs2 security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:community:*:*:*", "matchCriteriaId": "69D1FDA1-32D6-4793-AB1D-ED9F0A17939F", "versionEndIncluding": "6.0.24", "versionStartIncluding": "6.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*", "matchCriteriaId": "D86D6CD7-52CC-47B5-8075-462D4A3099FC", "versionEndIncluding": "7.0.13", "versionStartIncluding": "7.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Agent A is able to save a draft (i.e. for customer reply). Then Agent B can open the draft, change the text completely and send it in the name of Agent A. For the customer it will not be visible that the message was sent by another agent. This issue affects: ((OTRS)) Community Edition 6.0.x version 6.0.24 and prior versions. OTRS 7.0.x version 7.0.13 and prior versions."}, {"lang": "es", "value": "Agent A es capaz de guardar un borrador (es decir, para la respuesta del cliente). Luego, Agent B puede abrir el borrador, cambiar el texto por completo y enviarlo a nombre del Agente A. Para el cliente, no ser\u00e1 visible que el mensaje fue enviado por otro agente. Este problema afecta a: ((OTRS)) Community Edition versiones 6.0.x versi\u00f3n 6.0.24 y anteriores. OTRS versiones 7.0.x versi\u00f3n 7.0.13 y anteriores."}], "id": "CVE-2020-1767", "lastModified": "2023-08-31T03:15:10.847", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 1.4, "source": "security@otrs.com", "type": "Secondary"}]}, "published": "2020-01-10T15:15:12.160", "references": [{"source": "security@otrs.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00027.html"}, {"source": "security@otrs.com", "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"}, {"source": "security@otrs.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://otrs.com/release-notes/otrs-security-advisory-2020-03/"}], "sourceIdentifier": "security@otrs.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}