CVE-2008-7281 — Sensitive Information Exposure in Otrs

CWE-200 — Sensitive Information Exposure5 documents5 sources

Severity

4.3MEDIUMNVD

EPSS

0.3%

top 50.26%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Otrs2 Otrs

Timeline

PublishedMar 18

Latest updateMay 17

Description

Open Ticket Request System (OTRS) before 2.2.7 sends e-mail containing a Bcc header field that lists the Blind Carbon Copy recipients, which allows remote attackers to obtain potentially sensitive e-mail address information by reading this field.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

▶debiandebian/otrs2< otrs2 2.2.7-1 (bullseye)

▶NVDotrs/otrs2.2.6+42

Patches

Patch: bugs.otrs.org ↗Patch: bugs.otrs.org ↗

🔴Vulnerability Details

GHSA

GHSA-66g9-9293-33hc: Open Ticket Request System (OTRS) before 2↗2022-05-17

▶

OSV

CVE-2008-7281: Open Ticket Request System (OTRS) before 2↗2011-03-18

▶

📋Vendor Advisories

Debian

CVE-2008-7281: otrs2 - Open Ticket Request System (OTRS) before 2.2.7 sends e-mail containing a Bcc hea...↗2008

▶

💬Community

Bugzilla

CVE-2010-0438 CVE-2010-2080 CVE-2010-3476 CVE-2011-0456 otrs: multiple vulnerabilities [fedora-epel5]↗2010-09-20

▶