Candidate: CVE-2020-1767
PublicDate: 2020-01-10 15:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1767
 https://otrs.com/release-notes/otrs-security-advisory-2020-03/
Description:
 Agent A is able to save a draft (i.e. for customer reply). Then Agent B can
 open the draft, change the text completely and send it in the name of Agent
 A. For the customer it will not be visible that the message was sent by
 another agent. This issue affects: ((OTRS)) Community Edition 6.0.x version
 6.0.24 and prior versions. OTRS 7.0.x version 7.0.13 and prior versions.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N [4.3 MEDIUM]


Patches_otrs2:
upstream_otrs2: needs-triage
precise/esm_otrs2: DNE
trusty_otrs2: ignored (out of standard support)
trusty/esm_otrs2: DNE
xenial_otrs2: ignored (end of standard support, was needs-triage)
bionic_otrs2: needs-triage
disco_otrs2: ignored (reached end-of-life)
eoan_otrs2: ignored (reached end-of-life)
focal_otrs2: not-affected (6.0.25-1)
groovy_otrs2: not-affected (6.0.25-1)
hirsute_otrs2: not-affected (6.0.25-1)
impish_otrs2: not-affected (6.0.25-1)
jammy_otrs2: not-affected (6.0.25-1)
devel_otrs2: not-affected (6.0.25-1)