Auto-merge PR#3024

Auto-merge PR#3024
CVE Team 2020-01-10 10:10:12 -05:00 committed by GitHub
commit 478878257c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 325 additions and 18 deletions


@ -1,18 +1,124 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security@otrs.com",
"DATE_PUBLIC": "2020-01-10T00:00:00.000Z",
"ID": "CVE-2020-1765",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Spoofing of From field in several screens"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "((OTRS)) Community Edition",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "5.0.x",
"version_value": "5.0.39"
},
{
"version_affected": "<=",
"version_name": "6.0.x",
"version_value": "6.0.24"
}
]
}
},
{
"product_name": "OTRS",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "7.0.x",
"version_value": "7.0.13"
}
]
}
}
]
},
"vendor_name": "OTRS AG"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Sebastian Renker, Jonas Becker"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An improper control of parameters allows the spoofing of the from fields of the following screens: AgentTicketCompose, AgentTicketForward, AgentTicketBounce and AgentTicketEmailOutbound.\n\nThis issue affects:\n((OTRS)) Community Edition\n5.0.x version 5.0.39 and prior versions;\n6.0.x version 6.0.24 and prior versions.\nOTRS\n7.0.x version 7.0.13 and prior versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-472 External Control of Assumed-Immutable Web Parameter"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://otrs.com/release-notes/otrs-security-advisory-2020-01/"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Upgrade to OTRS 7.0.14, ((OTRS)) Community Edition 6.0.25, ((OTRS)) Community Edition 5.0.40 "
},
{
"lang": "eng",
"value": "Patch for ((OTRS)) Community Edition 6: https://github.com/OTRS/otrs/commit/d146d4997cbd6e1370669784c6a2ec8d64655252 \nPatch for ((OTRS)) Community Edition 5: https://github.com/OTRS/otrs/commit/874889b86abea4c01ceb1368a836b66694fae1c3"
}
],
"source": {
"advisory": "OSA-2020-01",
"defect": [
"2019100942003876"
],
"discovery": "EXTERNAL"
}
}
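Review bot: The two patch commits appear only inside the free-text second `solution` entry, while `reference_data` lists just the vendor advisory, so tooling that collects fix links from references will miss them. Each commit URL already quoted in `solution` could be added as its own `reference_data` entry beside the existing `"refsource": "CONFIRM"` item. The same applies to the CVE-2020-1766 and CVE-2020-1767 records in this commit. The first `solution` value also ends with a stray space after `5.0.40`.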


@ -1,18 +1,124 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security@otrs.com",
"DATE_PUBLIC": "2020-01-10T00:00:00.000Z",
"ID": "CVE-2020-1766",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Improper handling of uploaded inline images"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "((OTRS)) Community Edition",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "5.0.x",
"version_value": "5.0.39"
},
{
"version_affected": "<=",
"version_name": "6.0.x",
"version_value": "6.0.24"
}
]
}
},
{
"product_name": "OTRS",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "7.0.x",
"version_value": "7.0.13"
}
]
}
}
]
},
"vendor_name": "OTRS AG"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": " Anton Astaf'ev "
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Due to improper handling of uploaded images it is possible in very unlikely and rare conditions to force the agents browser to execute malicious javascript from a special crafted SVG file rendered as inline jpg file. \n\nThis issue affects:\n((OTRS)) Community Edition\n5.0.x version 5.0.39 and prior versions;\n6.0.x version 6.0.24 and prior versions.\nOTRS\n7.0.x version 7.0.13 and prior versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://otrs.com/release-notes/otrs-security-advisory-2020-02/"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Upgrade to OTRS 7.0.14, ((OTRS)) Community Edition 6.0.25, ((OTRS)) Community Edition 5.0.40 "
},
{
"lang": "eng",
"value": "Patch for ((OTRS)) Community Edition 6: https://github.com/OTRS/otrs/commit/128078b0bb30f601ed97d4a13906644264ee6013 \nPatch for ((OTRS)) Community Edition 5: https://github.com/OTRS/otrs/commit/b7d80f9000fc9a435743d8d1d7d44d9a17483a9a"
}
],
"source": {
"advisory": "OSA-2020-02",
"defect": [
"2019112942001838"
],
"discovery": "EXTERNAL"
}
}
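Review bot: The `credit` value is `" Anton Astaf'ev "`, with a leading and a trailing space that will carry into rendered advisories and can defeat exact-match grouping of researcher names; it should read `"Anton Astaf'ev"`. The first `solution` value has the same kind of trailing space after `5.0.40`. In the description, "SVG file rendered as inline jpg file" would be clearer if it said outright that an SVG is presented as a JPEG inline image, assuming that is what is meant; the exact wording is for the CNA to confirm.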


@ -1,18 +1,113 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security@otrs.com",
"DATE_PUBLIC": "2020-01-10T00:00:00.000Z",
"ID": "CVE-2020-1767",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Possible to send drafted messages as wrong agent"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "((OTRS)) Community Edition",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "6.0.x",
"version_value": "6.0.24"
}
]
}
},
{
"product_name": "OTRS",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "7.0.x",
"version_value": "7.0.13"
}
]
}
}
]
},
"vendor_name": "OTRS AG"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Agent A is able to save a draft (i.e. for customer reply). Then Agent B can open the draft, change the text completely and send it in the name of Agent A. For the customer it will not be visible that the message was sent by another agent.\n\nThis issue affects:\n((OTRS)) Community Edition\n6.0.x version 6.0.24 and prior versions.\nOTRS\n7.0.x version 7.0.13 and prior versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Sender spoofing"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://otrs.com/release-notes/otrs-security-advisory-2020-03/"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Upgrade to OTRS 7.0.14, ((OTRS)) Community Edition 6.0.25"
},
{
"lang": "eng",
"value": "Patch for ((OTRS)) Community Edition 6: https://github.com/OTRS/otrs/commit/5f488fd6c809064ee49def3a432030258d211570"
}
],
"source": {
"advisory": "OSA-2020-03",
"defect": [
"2019121042000738"
],
"discovery": "USER"
}
}
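Review bot: `problemtype` is the free text `"Sender spoofing"` with no CWE identifier, whereas the other two records in this commit use the `CWE-NNN Name` form (`CWE-472 …`, `CWE-79 …`). Consumers that classify or filter by CWE will leave this record unclassified. The CNA should choose the CWE that matches the behaviour in the description (one agent sending another agent's draft under the original author's name) and write it in the same form. The record also has no `credit` block, which may be intentional given `"discovery": "USER"`.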