CVE-2020-1770 — Sensitive Info Insertion into Sent Data in AG Community Edition

CWE-201 — Sensitive Info Insertion into Sent Data CWE-200 — Sensitive Information Exposure5 documents5 sources

Severity

4.3MEDIUMNVD

CNA2.4

EPSS

0.4%

top 41.82%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Otrs AG Community Edition Otrs AG Otrs Otrs +3 more

Timeline

PublishedMar 27

Latest updateMay 24

Description

Support bundle generated files could contain sensitive information that might be unwanted to be disclosed. This issue affects: ((OTRS)) Community Edition: 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages5 packages

▶CVEListV5otrs_ag/community_edition5.0.x — 5.0.41+1

▶NVDotrs/otrs5.0.0 — 5.0.41+2

▶CVEListV5otrs_ag/otrs7.0.x — 7.0.15

▶NVDopensuse/leap15.1, 15.2+1

▶NVDopensuse/backports_sle15.0

Also affects: Debian Linux 8.0

🔴Vulnerability Details

GHSA

GHSA-x622-hm6c-fm4f: Support bundle generated files could contain sensitive information that might be unwanted to be disclosed↗2022-05-24

▶

OSV

CVE-2020-1770: Support bundle generated files could contain sensitive information that might be unwanted to be disclosed↗2020-03-27

▶

CVEList

Information disclosure in support bundle files↗2020-03-27

▶

📋Vendor Advisories

Debian

CVE-2020-1770: otrs2 - Support bundle generated files could contain sensitive information that might be...↗2020

▶