CVE-2020-1775 — Sensitive Information Exposure in Otrs

CWE-200 — Sensitive Information Exposure4 documents4 sources

Severity

4.3MEDIUMNVD

CNA3.5

EPSS

0.2%

top 53.10%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Otrs Otrs AG Otrs

Timeline

PublishedJun 8

Latest updateMay 24

Description

BCC recipients in mails sent from OTRS are visible in article detail on external interface. This issue affects OTRS: 8.0.3 and prior versions, 7.0.17 and prior versions.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

▶NVDotrs/otrs7.0.0 — 7.0.18+1

▶CVEListV5otrs_ag/otrs7.0.x — 7.0.17+1

🔴Vulnerability Details

GHSA

GHSA-mgw5-xgrx-mcp3: BCC recipients in mails sent from OTRS are visible in article detail on external interface↗2022-05-24

▶

CVEList

Information disclosure in external interface↗2020-06-08

▶

📋Vendor Advisories

Debian

CVE-2020-1775: otrs2 - BCC recipients in mails sent from OTRS are visible in article detail on external...↗2020

▶