Unrated severityNVD Advisory· Published Jul 20, 2020· Updated Sep 17, 2024
Invalidating or changing user does not invalidate session
CVE-2020-1776
Description
When an agent user is renamed or set to invalid the session belonging to the user is keept active. The session can not be used to access ticket data in the case the agent is invalid. This issue affects ((OTRS)) Community Edition: 6.0.28 and prior versions. OTRS: 7.0.18 and prior versions, 8.0.4. and prior versions.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4- Range: <=6.0.28
- OTRS AG/((OTRS)) Community Editionv5Range: 6.0.x
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.