OTRSCVELIST:CVE-2020-1769CVE-2020-1769 Autocomplete in the form login screens
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
AI Score
Confidence
High
EPSS
Percentile
46.9%
In the login screens (in agent and customer interface), Username and Password fields use autocomplete, which might be considered as security issue. This issue affects: ((OTRS)) Community Edition: 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions.
CNA Affected
[
{
"vendor": "OTRS AG",
"product": "((OTRS)) Community Edition",
"versions": [
{
"version": "5.0.x",
"status": "affected",
"lessThanOrEqual": "5.0.41",
"versionType": "custom"
},
{
"version": "6.0.x",
"status": "affected",
"lessThanOrEqual": "6.0.26",
"versionType": "custom"
}
]
},
{
"vendor": "OTRS AG",
"product": "OTRS",
"versions": [
{
"version": "7.0.x",
"status": "affected",
"lessThanOrEqual": "7.0.15",
"versionType": "custom"
}
]
}
]References
lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html
lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html
lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html
lists.debian.org/debian-lts-announce/2023/08/msg00040.html
otrs.com/release-notes/otrs-security-advisory-2020-06/
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
AI Score
Confidence
High
EPSS
Percentile
46.9%