CVE-2020-1773 Common Vulnerabilities and Exposures

Upstream information

CVE-2020-1773 at MITRE

Description

An attacker with the ability to generate session IDs or password reset tokens, either by being able to authenticate or by exploiting OSA-2020-09, may be able to predict other users session IDs, password reset tokens and automatically generated passwords. This issue affects ((OTRS)) Community Edition: 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS; 7.0.15 and prior versions.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having important severity.

SUSE Bugzilla entry: 1168028 [RESOLVED / FIXED]

SUSE Security Advisories:

openSUSE-SU-2020:0551-1, published Thu Dec 7 12:55:39 2023
openSUSE-SU-2020:1475-1, published Thu Dec 7 12:55:40 2023
openSUSE-SU-2020:1509-1, published Thu Dec 7 12:55:40 2023

List of released packages

Product(s)	Fixed package version(s)	References
SUSE Package Hub 15 SP1	`otrs >= 6.0.29-bp151.3.6.2` `otrs-doc >= 6.0.29-bp151.3.6.2` `otrs-itsm >= 6.0.29-bp151.3.6.2`	Patchnames: openSUSE-2020-1475 openSUSE-2020-551
SUSE Package Hub 15 SP2	`otrs >= 6.0.29-bp152.2.8.1` `otrs-doc >= 6.0.29-bp152.2.8.1` `otrs-itsm >= 6.0.29-bp152.2.8.1`	Patchnames: openSUSE-2020-1475 openSUSE-2020-1509
SUSE Package Hub 15	`otrs >= 5.0.42-bp150.2.10.1` `otrs-doc >= 5.0.42-bp150.2.10.1` `otrs-itsm >= 5.0.42-bp150.2.10.1`	Patchnames: openSUSE-2020-551
openSUSE Leap 15.1	`otrs >= 6.0.29-lp151.2.6.2` `otrs-doc >= 6.0.29-lp151.2.6.2` `otrs-itsm >= 6.0.29-lp151.2.6.2`	Patchnames: openSUSE-2020-1475 openSUSE-2020-551
openSUSE Leap 15.2	`otrs >= 6.0.29-lp152.2.3.4` `otrs-doc >= 6.0.29-lp152.2.3.4` `otrs-itsm >= 6.0.29-lp152.2.3.4`	Patchnames: openSUSE-2020-1475

SUSE Timeline for this CVE

CVE page created: Fri Mar 27 19:43:26 2020
CVE page last modified: Mon Sep 9 13:39:39 2024