Candidate: CVE-2020-1776
PublicDate: 2020-07-20 21:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1776
 https://otrs.com/release-notes/otrs-security-advisory-2020-13/
Description:
 When an agent user is renamed or set to invalid the session belonging to
 the user is keept active. The session can not be used to access ticket data
 in the case the agent is invalid. This issue affects ((OTRS)) Community
 Edition: 6.0.28 and prior versions. OTRS: 7.0.18 and prior versions, 8.0.4.
 and prior versions.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N [4.3 MEDIUM]


Patches_otrs2:
upstream_otrs2: released (6.0.29-1)
precise/esm_otrs2: DNE
trusty_otrs2: ignored (out of standard support)
trusty/esm_otrs2: DNE
xenial_otrs2: ignored (end of standard support, was needed)
bionic_otrs2: needed
focal_otrs2: needed
groovy_otrs2: not-affected (6.0.29-1)
hirsute_otrs2: not-affected (6.0.29-1)
impish_otrs2: not-affected (6.0.29-1)
jammy_otrs2: not-affected (6.0.29-1)
devel_otrs2: not-affected (6.0.29-1)