CVE-2020-1774
published 2020-04-28


Priority: P4, 25, medium
CVSS 3.1: 4.9 (AV:N / AC:L / PR:H / UI:N / S:U / C:H / I:N / A:N)
EPSS: 0.91% (55.5th percentile)

When a user downloads PGP or S/MIME keys/certificates, the exported file has the same name for private and public keys. It is therefore possible to mix them up and send the private key to a third party instead of the public key. This issue affects ((OTRS)) Community Edition 5.0.42 and prior versions and 6.0.27 and prior versions, and OTRS 7.0.16 and prior versions.

Affected

8 ranges
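| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | | |
| debian | otrs2 | < otrs2 6.0.28-1 (bullseye) | otrs2 6.0.28-1 (bullseye) |
| otrs | otrs | 5.0.0 – 5.0.42 | |
| otrs | otrs | 6.0.0 – 6.0.27 | |
| otrs | otrs | 7.0.0 – 7.0.16 | |
| otrs_ag | community_edition | | |
| otrs_ag | community_edition | | |
| otrs_ag | otrs | | |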

CVSS provenance

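| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N |
| osv | | 4.9 | MEDIUM | |
| vendor_debian | | 4.5 | MEDIUM | |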