1168031 – (CVE-2020-1770) VUL-0: CVE-2020-1770: otrs: Support bundle generated files could contain sensitive information that might be unwanted to be disclosed

Bug 1168031 (CVE-2020-1770) - VUL-0: CVE-2020-1770: otrs: Support bundle generated files could contain sensitive information that might be unwanted to be disclosed

Summary: VUL-0: CVE-2020-1770: otrs: Support bundle generated files could contain sens...

Status:	RESOLVED FIXED

Alias:	CVE-2020-1770

Product:	openSUSE Distribution
Classification:	openSUSE
Component:	Basesystem (show other bugs)
Version:	Leap 15.2
Hardware:	Other Other

Priority:	P3 - Medium Severity: Minor (vote)
Target Milestone:	---
Assignee:	Christian Wittmer
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/256038/
Whiteboard:
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2020-03-30 07:33 UTC by Alexander Bergmann
Modified:	2020-09-23 13:21 UTC (History)
CC List:	1 user (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Alexander Bergmann 2020-03-30 07:33:56 UTC

CVE-2020-1770

Support bundle generated files could contain sensitive information that might be
unwanted to be disclosed. This issue affects: ((OTRS)) Community Edition: 5.0.41
and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1770
http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-1770.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1770
https://otrs.com/release-notes/otrs-security-advisory-2020-07/

Comment 1 Christian Wittmer 2020-04-07 22:09:45 UTC

obgoing work ...

Comment 2 Swamp Workflow Management 2020-04-08 12:40:53 UTC

This is an autogenerated message for OBS integration:
This bug (1168031) was mentioned in
https://build.opensuse.org/request/show/792434 15.1+Backports:SLE-15+Backports:SLE-15-SP1 / otrs

Comment 3 Swamp Workflow Management 2020-04-09 10:20:44 UTC

This is an autogenerated message for OBS integration:
This bug (1168031) was mentioned in
https://build.opensuse.org/request/show/792677 15.1+Backports:SLE-15+Backports:SLE-15-SP1 / otrs
https://build.opensuse.org/request/show/792678 15.1+Backports:SLE-15+Backports:SLE-15-SP1 / otrs

Comment 4 Swamp Workflow Management 2020-04-22 12:40:47 UTC

This is an autogenerated message for OBS integration:
This bug (1168031) was mentioned in
https://build.opensuse.org/request/show/796277 15.1 / otrs

Comment 5 Swamp Workflow Management 2020-04-25 19:15:07 UTC

openSUSE-SU-2020:0551-1: An update that fixes 18 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1122560,1137614,1137615,1139406,1141430,1141431,1141432,1156431,1157001,1160663,1168029,1168030,1168031,1168032
CVE References: CVE-2019-10067,CVE-2019-12248,CVE-2019-12497,CVE-2019-12746,CVE-2019-13457,CVE-2019-13458,CVE-2019-16375,CVE-2019-18179,CVE-2019-18180,CVE-2019-9752,CVE-2019-9892,CVE-2020-1765,CVE-2020-1766,CVE-2020-1769,CVE-2020-1770,CVE-2020-1771,CVE-2020-1772,CVE-2020-1773
Sources used:
openSUSE Leap 15.1 (src):    otrs-5.0.42-lp151.2.3.1
openSUSE Backports SLE-15-SP1 (src):    otrs-5.0.42-bp151.3.3.1
openSUSE Backports SLE-15 (src):    otrs-5.0.42-bp150.2.10.1

Comment 6 Christian Wittmer 2020-05-04 08:37:28 UTC

can we close this ?

Comment 7 Marcus Meissner 2020-06-16 14:40:53 UTC

closing

Comment 8 Swamp Workflow Management 2020-09-20 04:23:05 UTC

openSUSE-SU-2020:1475-1: An update that fixes 18 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1122560,1137614,1137615,1139406,1141430,1141431,1141432,1156431,1157001,1160663,1168029,1168030,1168031,1168032
CVE References: CVE-2019-10067,CVE-2019-12248,CVE-2019-12497,CVE-2019-12746,CVE-2019-13457,CVE-2019-13458,CVE-2019-16375,CVE-2019-18179,CVE-2019-18180,CVE-2019-9752,CVE-2019-9892,CVE-2020-1765,CVE-2020-1766,CVE-2020-1769,CVE-2020-1770,CVE-2020-1771,CVE-2020-1772,CVE-2020-1773
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    otrs-6.0.29-lp152.2.3.4
openSUSE Leap 15.1 (src):    otrs-6.0.29-lp151.2.6.2
openSUSE Backports SLE-15-SP2 (src):    otrs-6.0.29-bp152.2.5.4
openSUSE Backports SLE-15-SP1 (src):    otrs-6.0.29-bp151.3.6.2

Comment 9 Swamp Workflow Management 2020-09-23 13:21:57 UTC

openSUSE-SU-2020:1509-1: An update that fixes 18 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1122560,1137614,1137615,1139406,1141430,1141431,1141432,1156431,1157001,1160663,1168029,1168030,1168031,1168032
CVE References: CVE-2019-10067,CVE-2019-12248,CVE-2019-12497,CVE-2019-12746,CVE-2019-13457,CVE-2019-13458,CVE-2019-16375,CVE-2019-18179,CVE-2019-18180,CVE-2019-9752,CVE-2019-9892,CVE-2020-1765,CVE-2020-1766,CVE-2020-1769,CVE-2020-1770,CVE-2020-1771,CVE-2020-1772,CVE-2020-1773
JIRA References: 
Sources used:
openSUSE Backports SLE-15-SP2 (src):    otrs-6.0.29-bp152.2.8.1