CVE-2010-4760 — Sensitive Information Exposure in Otrs

CWE-200 — Sensitive Information Exposure6 documents6 sources

Severity

3.5LOWNVD

EPSS

0.2%

top 62.65%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Otrs2 Otrs

Timeline

PublishedMar 18

Latest updateMay 17

Description

Open Ticket Request System (OTRS) before 3.0.0-beta6 adds email-notification-ext articles to tickets during processing of event-based notifications, which allows remote authenticated users to obtain potentially sensitive information by reading a ticket.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 6.8 | Impact: 2.9

Affected Packages2 packages

▶debiandebian/otrs2< otrs2 3.0.8+dfsg1-1 (bullseye)

▶NVDotrs/otrs3.0.0+65

Patches

Patch: bugs.otrs.org ↗Patch: bugs.otrs.org ↗

🔴Vulnerability Details

GHSA

GHSA-5mpq-64rg-fj86: Open Ticket Request System (OTRS) before 3↗2022-05-17

▶

OSV

CVE-2010-4760: Open Ticket Request System (OTRS) before 3↗2011-03-18

▶

💥Exploits & PoCs

Exploit-DB

Microsoft PowerPoint 2010 - 'pptimpconv.dll' DLL Hijacking↗2010-08-24

▶

📋Vendor Advisories

Debian

CVE-2010-4760: otrs2 - Open Ticket Request System (OTRS) before 3.0.0-beta6 adds email-notification-ext...↗2010

▶

💬Community

Bugzilla

CVE-2010-0438 CVE-2010-2080 CVE-2010-3476 CVE-2011-0456 otrs: multiple vulnerabilities [fedora-epel5]↗2010-09-20

▶