Fluid Attacks Database

Description

When user downloads PGP or S/MIME keys/certificates, exported file has same name for private and public keys. Therefore it's possible to mix them and to send private key to the third-party instead of public key. This issue affects ((OTRS)) Community Edition: 5.0.42 and prior versions, 6.0.27 and prior versions. OTRS: 7.0.16 and prior versions.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	otrs2	=2.0.4p01-10 \|\| =2.0.4p01-11 \|\| =2.0.4p01-12 \|\| =2.0.4p01-13 \|\| =2.0.4p01-14 \|\| =2.0.4p01-14.1 \|\| =2.0.4p01-15 \|\| =2.0.4p01-16 \|\| =2.0.4p01-17 \|\| =2.0.4p01-18 \|\| =2.0.4p01-6 \|\| =2.0.4p01-7 \|\| =2.0.4p01-8 \|\| =2.0.4p01-9 \|\| =2.0.99beta1-1 \|\| =2.0.99beta1-2 \|\| =2.1.1-1 \|\| =2.1.3-1 \|\| =2.1.4-1 \|\| =2.1.4-2 \|\| =2.1.5-1 \|\| =2.1.5-2 \|\| =2.1.5-3 \|\| =2.1.6-1 \|\| =2.1.7-1 \|\| =2.1.7-2 \|\| =2.2.0~beta2-1 \|\| =2.2.0~beta3-1 \|\| =2.2.1-1 \|\| =2.2.2-1 \|\| =2.2.3-1 \|\| =2.2.4-1 \|\| =2.2.5-1 \|\| =2.2.5-2 \|\| =2.2.6-1 \|\| =2.2.7-1 \|\| =2.2.7-2 \|\| =2.2.7-2lenny1 \|\| =2.2.7-2lenny2 \|\| =2.2.7-2lenny3 \|\| =2.2.7-3 \|\| =2.3.2-1 \|\| =2.3.2-2 \|\| =2.3.3-1 \|\| =2.3.4-1 \|\| =2.3.4-2 \|\| =2.3.4-3 \|\| =2.3.4-4 \|\| =2.3.4-5 \|\| =2.3.4-6 \|\| =2.3.4-7 \|\| =2.4.10+dfsg1-1 \|\| =2.4.10+dfsg1-2 \|\| =2.4.10+dfsg1-3 \|\| =2.4.5-1 \|\| =2.4.5-2 \|\| =2.4.5-3 \|\| =2.4.5-4 \|\| =2.4.5-5 \|\| =2.4.6-1 \|\| =2.4.6-2 \|\| =2.4.7+dfsg1-1 \|\| =2.4.7-1 \|\| =2.4.7-2 \|\| =2.4.7-3 \|\| =2.4.7-4 \|\| =2.4.7-5 \|\| =2.4.7-6 \|\| =2.4.8+dfsg1-1 \|\| =2.4.9+dfsg1-1 \|\| =2.4.9+dfsg1-2 \|\| =2.4.9+dfsg1-3 \|\| =2.4.9+dfsg1-3+squeeze1 \|\| =2.4.9+dfsg1-3+squeeze3 \|\| =2.4.9+dfsg1-3+squeeze4 \|\| =2.4.9+dfsg1-3+squeeze5 \|\| =2.4.9+dfsg1-4 \|\| =2.4.9+dfsg1-5 \|\| =3.0.10+dfsg1-1 \|\| =3.0.10+dfsg1-2 \|\| =3.0.11+dfsg1-1 \|\| =3.0.8+dfsg1-1 \|\| =3.0.9+dfsg1-1 \|\| =3.1.0~beta4+dfsg1-1 \|\| =3.1.0~beta5+dfsg1-1 \|\| =3.1.0~rc1+dfsg1-1 \|\| =3.1.1+dfsg1-1 \|\| =3.1.1+dfsg1-2 \|\| =3.1.10+dfsg1-1 \|\| =3.1.11+dfsg1-1 \|\| =3.1.12+dfsg1-1 \|\| =3.1.12+dfsg1-2 \|\| =3.1.12+dfsg1-3 \|\| =3.1.2+dfsg1-1 \|\| =3.1.2+dfsg1-2 \|\| =3.1.2+dfsg1-3 \|\| =3.1.3+dfsg1-1 \|\| =3.1.3+dfsg1-2 \|\| =3.1.4+dfsg1-1 \|\| =3.1.5+dfsg1-1 \|\| =3.1.5+dfsg1-2 \|\| =3.1.5+dfsg1-3 \|\| =3.1.6+dfsg1-1 \|\| =3.1.7+dfsg1-1 \|\| =3.1.7+dfsg1-2 \|\| =3.1.7+dfsg1-3 \|\| =3.1.7+dfsg1-4 \|\| =3.1.7+dfsg1-5 \|\| =3.1.7+dfsg1-6 \|\| =3.1.7+dfsg1-7 \|\| =3.1.7+dfsg1-8 \|\| =3.1.8+dfsg1-1 \|\| =3.1.9+dfsg1-1 \|\| =3.2.1+dfsg1-1 \|\| =3.2.10-1 \|\| =3.2.10-2 \|\| =3.2.11-1 \|\| =3.2.11-1~bpo70+1 \|\| =3.2.12-1 \|\| =3.2.2+dfsg1-1 \|\| =3.2.3+dfsg1-1 \|\| =3.2.4-1 \|\| =3.2.5-1 \|\| =3.2.6-1 \|\| =3.2.6-2 \|\| =3.2.7-1 \|\| =3.2.7-2 \|\| =3.2.8-1 \|\| =3.2.9-1 \|\| =3.2.9-2 \|\| =3.3.1-1 \|\| =3.3.10-1 \|\| =3.3.11-1 \|\| =3.3.18-1~deb7u1 \|\| =3.3.18-1~deb7u2 \|\| =3.3.18-1~deb7u3 \|\| =3.3.2-1 \|\| =3.3.3-1 \|\| =3.3.3-2 \|\| =3.3.3-3 \|\| =3.3.4-1 \|\| =3.3.5-1 \|\| =3.3.6-1 \|\| =3.3.7-1 \|\| =3.3.7-2 \|\| =3.3.8-1 \|\| =3.3.9-1 \|\| =3.3.9-2 \|\| =3.3.9-3 \|\| =3.3.9-3~bpo70+1 \|\| =4.0.10-1 \|\| =4.0.11-1 \|\| =4.0.12-1 \|\| =4.0.13-1 \|\| =4.0.13-1~bpo8+1 \|\| =4.0.5-1 \|\| =4.0.5-2 \|\| =4.0.6-1 \|\| =4.0.7-1 \|\| =4.0.7-2 \|\| =4.0.8-1 \|\| =4.0.9-1 \|\| =5.0.1-1 \|\| =5.0.1-2 \|\| =5.0.10-1 \|\| =5.0.10-1~bpo8+1 \|\| =5.0.11-1 \|\| =5.0.12-1 \|\| =5.0.13-1 \|\| =5.0.13-1~bpo8+1 \|\| =5.0.13-2 \|\| =5.0.14-1 \|\| =5.0.14-1~bpo8+1 \|\| =5.0.15-1 \|\| =5.0.16-1 \|\| =5.0.16-1~bpo8+1 \|\| =5.0.17-1 \|\| =5.0.18-1 \|\| =5.0.19-1 \|\| =5.0.2-1 \|\| =5.0.20-1 \|\| =5.0.21-1 \|\| =5.0.21-1~bpo9+1 \|\| =5.0.22-1 \|\| =5.0.23-1 \|\| =5.0.23-1~bpo9+1 \|\| =5.0.24-1 \|\| =5.0.24-1~bpo9+1 \|\| =5.0.3-1 \|\| =5.0.5-1 \|\| =5.0.6-1 \|\| =5.0.6-1~bpo8+1 \|\| =5.0.7-1 \|\| =5.0.8+dfsg1-1 \|\| =5.0.8-1 \|\| =5.0.8-1~bpo8+1 \|\| =5.0.9+dfsg1-1 \|\| =5.0.9+repack1-1 \|\| =6.0.1-1 \|\| =6.0.10-1 \|\| =6.0.11-1 \|\| =6.0.11-1~bpo9+1 \|\| =6.0.12-1 \|\| =6.0.12-1~bpo9+1 \|\| =6.0.13-1 \|\| =6.0.14-1 \|\| =6.0.15-1 \|\| =6.0.16-1 \|\| =6.0.16-2 \|\| =6.0.17-1 \|\| =6.0.18-1 \|\| =6.0.19-1 \|\| =6.0.2-1 \|\| =6.0.20-1 \|\| =6.0.20-1~bpo10+1 \|\| =6.0.21-1 \|\| =6.0.22-1 \|\| =6.0.23-1 \|\| =6.0.23-2 \|\| =6.0.24-1 \|\| =6.0.24-1~bpo10+1 \|\| =6.0.25-1 \|\| =6.0.25-2 \|\| =6.0.25-3 \|\| =6.0.25-3~bpo10+1 \|\| =6.0.26-1 \|\| =6.0.26-1~bpo10+1 \|\| =6.0.27-1 \|\| =6.0.27-1~bpo10+1 \|\| =6.0.28-1~bpo10+1 \|\| =6.0.3-1 \|\| =6.0.4-1 \|\| =6.0.5-1 \|\| =6.0.6-1 \|\| =6.0.7-1 \|\| =6.0.8-1 \|\| =6.0.8-1~bpo9+1 \|\| =6.0.9-1 \|\| =6.0.9-1~bpo9+1 \|\| >=0 <6.0.28-1	6.0.28-1

Aliases

1. CVE-2020-17742. NVD-2020-17743. OSV-DEBIAN-2020-17744. OSV-2020-17745. SECURITY-TRACKER-CVE-2020-1774

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.