CVE-2020-1772 MEDIUM

CVE-2020-1772: Information Disclosure

Vendor OTRS AG
Product ((OTRS)) Community Edition
Weakness CWE-155
Published March 27, 2020
Last update September 16, 2024

CVSS base score

6.5/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality High
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N

What the vulnerability does

01 Description

It is possible to craft Lost Password requests with wildcards in the Token value, which allows an attacker to retrieve valid Token(s) generated by users who have already requested new passwords. This issue affects: ((OTRS)) Community Edition 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions.

Key dates

02 Disclosure timeline

March 27, 2020 CVE published
September 16, 2024 Record updated