CVE-2020-1774Sensitive Info Insertion into Sent Data in Otrs

CWE-201Sensitive Info Insertion into Sent DataCWE-435Improper Interaction Between Multiple Correctly-Behaving Entities8 documents8 sources
Severity
4.9MEDIUMNVD
CNA4.5
EPSS
0.2%
top 57.55%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
OtrsOtrs AG Community EditionOtrs AG Otrs+1 more
Timeline
PublishedApr 28
Latest updateJul 31

Description

When user downloads PGP or S/MIME keys/certificates, exported file has same name for private and public keys. Therefore it's possible to mix them and to send private key to the third-party instead of public key. This issue affects ((OTRS)) Community Edition: 5.0.42 and prior versions, 6.0.27 and prior versions. OTRS: 7.0.16 and prior versions.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 1.2 | Impact: 3.6

Affected Packages3 packages

CVEListV5otrs_ag/community_edition5.0.x <= 5.0.42, 6.0.x <= 6.0.27+1
NVDotrs/otrs5.0.05.0.42+2
CVEListV5otrs_ag/otrs7.0.x <= 7.0.16

Also affects: Debian Linux 8.0

🔴Vulnerability Details

4
GHSA
GHSA-5g6p-jp4c-37q4: When user downloads PGP or S/MIME keys/certificates, exported file has same name for private and public keys2022-05-24
GHSA
Request logging bypass in Jenkins Audit Trail Plugin2022-02-10
CVEList
Information disclosure2020-04-28
OSV
CVE-2020-1774: When user downloads PGP or S/MIME keys/certificates, exported file has same name for private and public keys2020-04-28

📋Vendor Advisories

1
Debian
CVE-2020-1774: otrs2 - When user downloads PGP or S/MIME keys/certificates, exported file has same name...2020

📄Research Papers

1
arXiv
Secure Email Transmission Protocols -- A New Architecture Design2022-07-31

💬Community

1
Bugzilla
CVE-2020-2160 jenkins: CSRF protection bypass via crafted URLs2020-03-31
CVE-2020-1774 — Sensitive Info Insertion into Sent Data | cvebase