CVE-2020-1772
HIGH7.5EPSS 0.45%Published: 3/27/2020Modified: 4/28/2026
Also known as:DEBIAN-CVE-2020-1772
Description
It's possible to craft Lost Password requests with wildcards in the Token value, which allows attacker to retrieve valid Token(s), generated by users which already requested new passwords. This issue affects: ((OTRS)) Community Edition 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions.
Affected packages (1)
- Debian/otrs2from 0, < 6.0.27-1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |