Fixed versions
5.0.1
6.0.1
7.0.1
CVE-2020-1765 describes an improper parameter control vulnerability within OTRS, enabling attackers to spoof the 'from' address in outgoing emails. This allows for potential phishing or impersonation attacks. The vulnerability impacts OTRS Community Edition versions 5.0.x (prior to 5.0.39), 6.0.x (prior to 6.0.24), and 7.0.x (prior to 7.0.13). A fix is available in version 7.0.14.
The primary impact of CVE-2020-1765 is the ability for an attacker to forge the 'from' address in outgoing emails originating from an OTRS instance. This can be leveraged for various malicious purposes, including phishing campaigns targeting users within the organization or external parties. Attackers could impersonate legitimate users or systems, potentially gaining access to sensitive information or executing malicious commands. While the CVSS score is LOW, the potential for social engineering and reputational damage should not be underestimated. The blast radius extends to anyone who receives emails originating from the compromised OTRS system.
CVE-2020-1765 was publicly disclosed on January 10, 2020. There is no indication of active exploitation campaigns targeting this vulnerability. No public proof-of-concept (PoC) code has been widely reported. The vulnerability is not currently listed on the CISA KEV catalog. Severity is pending further evaluation.
Organizations utilizing OTRS for customer support or ticketing systems are at risk. Specifically, deployments using older versions of OTRS (5.0.x, 6.0.x, or 7.0.x prior to 7.0.14) are vulnerable. Shared hosting environments where multiple organizations share an OTRS instance could also be impacted, as a compromise of one tenant could potentially affect others.
• linux / server:
journalctl -u otrs | grep -i 'from address'
• generic web:
curl -I http://otrs_server/AgentTicketCompose | grep From
Disclosure
Exploitation status
EPSS
0.63% (70th percentile)
CVSS vector
The recommended mitigation for CVE-2020-1765 is to upgrade OTRS to version 7.0.14 or later. If upgrading is not immediately feasible, consider implementing stricter email authentication policies, such as SPF, DKIM, and DMARC, to help prevent email spoofing. Review OTRS configuration to ensure that email sending restrictions are in place. Monitor OTRS logs for suspicious outbound email activity. After upgrading, confirm the fix by sending test emails and verifying the 'from' address is correctly configured and cannot be easily manipulated.
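As an added example (not OTRS code and not from the advisory), a defender-side check for the "monitor OTRS logs" and post-upgrade verification steps above: it scans constructed outbound-mail log lines and flags any message whose From header is not one of the instance's configured system addresses or differs from the envelope sender. The log format, the addresses and the allowlist are assumptions made for the example.

```python
"""Audit outbound OTRS mail for a forged From header (added example, not OTRS
code). The log format, addresses and allowlist below are constructed."""
import re
from email.utils import parseaddr

# Constructed: the sender addresses this OTRS instance is configured to use
# (its queue system addresses). An assumption for the example, not read from OTRS.
ALLOWED_SENDERS = {"support@example.com", "billing@example.com"}

# Constructed outbound-mail log. Records 1002 and 1003 show the pattern
# CVE-2020-1765 allowed: the envelope sender is still the system address,
# but the From header was changed in the compose screen.
SAMPLE_LOG = """\
2020-01-10T10:01:02 otrs sendmail id=1001 envelope=support@example.com from="OTRS Support <support@example.com>"
2020-01-10T10:03:15 otrs sendmail id=1002 envelope=support@example.com from="CEO <ceo@example.com>"
2020-01-10T10:05:40 otrs sendmail id=1003 envelope=support@example.com from="Support <support@examp1e.com>"
2020-01-10T10:07:01 otrs sendmail id=1004 envelope=billing@example.com from="Billing <billing@example.com>"
"""

LOG_RE = re.compile(r'id=(?P<id>\d+) envelope=(?P<env>\S+) from="(?P<from>[^"]*)"')


def check_from(from_header: str, envelope: str, allowed: set) -> list:
    """Return the reasons a message's From header looks forged; [] means clean."""
    _display, addr = parseaddr(from_header)
    addr = addr.lower()
    if not addr:
        return ["From header could not be parsed"]
    reasons = []
    if addr not in allowed:
        reasons.append(f"From address {addr} is not a configured system address")
    if addr != envelope.lower():
        reasons.append(f"From address {addr} differs from envelope sender {envelope}")
    return reasons


def audit(log_text: str, allowed=ALLOWED_SENDERS) -> dict:
    """Map message id -> reasons for every outbound message that fails check_from."""
    findings = {}
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if not m:
            continue  # not a sendmail record, skip it
        reasons = check_from(m["from"], m["env"], allowed)
        if reasons:
            findings[m["id"]] = reasons
    return findings
```

After the upgrade the same audit run over real outbound records should return no findings for messages composed through the patched screens.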
Update OTRS to the latest available version. Versions 5.0.40, 6.0.25 and 7.0.14 fix this vulnerability. The update removes the possibility of spoofing the identity in the 'From' fields on several screens.
CVE-2020-1765 is a LOW severity vulnerability in OTRS that allows attackers to forge the 'from' address in outgoing emails, potentially enabling phishing or impersonation attacks.
You are affected if you are using OTRS Community Edition versions 5.0.x (prior to 5.0.39), 6.0.x (prior to 6.0.24), or 7.0.x (prior to 7.0.14).
Upgrade OTRS to version 7.0.14 or later. Implement stricter email authentication policies (SPF, DKIM, DMARC) as an interim measure.
There is no current evidence of active exploitation campaigns targeting this vulnerability.
Refer to the OTRS security advisory for details: [https://otrs.com/security-advisories/otrs-security-advisory-cve-2020-1765/](https://otrs.com/security-advisories/otrs-security-advisory-cve-2020-1765/)