6 matches found
SUSE CVE-2020-1774
When user downloads PGP or S/MIME keys/certificates, exported file has same name for private and public keys. Therefore it's possible to mix them and to send private key to the third-party instead of public key. This issue affects OTRS Community Edition: 5.0.42 and prior versions, 6.0.27 and prio...
Debian DLA-2198-1 : otrs2 security update
Several vulnerabilities have been discovered in otrs2 Open source Ticket Request System CVE-2020-1770 Support bundle generated files could contain sensitive information that might be unwanted to be disclosed. CVE-2020-1772 Its possible to craft Lost Password requests with wildcards in the Token...
[SECURITY] [DLA 2198-1] otrs2 security update
Package : otrs2 Version : 3.3.18-1+deb8u15 CVE ID : CVE-2020-1770 CVE-2020-1772 CVE-2020-1774 Several vulnerabilities have been discovered in otrs2 Open source Ticket Request System CVE-2020-1770 Support bundle generated files could contain sensitive information that might be unwanted to be...
OTRS 5.0.x < 6.0.28, 7.0.x < 7.0.17 Information Disclosure Vulnerability (OSA-2020-11)
OTRS is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:otrs:otrs"; if...
CVE-2020-1774
CVE-2020-1774 affects the Open-Source Ticket Request System (OTRS) versions: Community Edition 5.0.42 and earlier, 6.0.27 and earlier, and OTRS 7.0.16 and earlier. The issue arises when downloading PGP or S/MIME keys/certificates: the exported files share the same name for private and public keys...
CVE-2020-1774
When user downloads PGP or S/MIME keys/certificates, exported file has same name for private and public keys. Therefore it's possible to mix them and to send private key to the third-party instead of public key. This issue affects OTRS Community Edition: 5.0.42 and prior versions, 6.0.27 and prio...