CVE-2020-1775
Published: 2020-06-08
Priority P4 · 18 · medium · 4.3 · CVSS 3.1
AV:N / AC:L / PR:N / UI:R / S:U / C:L / I:N / A:N
EPSS: 0.83% (52.8th percentile)
BCC recipients in mails sent from OTRS are visible in article detail on external interface. This issue affects OTRS: 8.0.3 and prior versions, 7.0.17 and prior versions.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | otrs2 | — | — |
| otrs | otrs | >= 7.0.0 < 7.0.18 | 7.0.18 |
| otrs | otrs | >= 8.0.0 < 8.0.3 | 8.0.3 |
| otrs_ag | otrs | 7.0.x – 7.0.17 | — |
| otrs_ag | otrs | 8.0.x – 8.0.3 | — |
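CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N |
| vendor_debian | — | 3.5 | LOW | — |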
Debian
CVE-2020-1775: otrs2 - BCC recipients in mails sent from OTRS are visible in article detail on external...
vendor_debian·2020·CVSS 3.5
CVE-2020-1775 [LOW] CVE-2020-1775: otrs2 - BCC recipients in mails sent from OTRS are visible in article detail on external...
Scope: local
bullseye: resolved
GHSA
GHSA-mgw5-xgrx-mcp3: BCC recipients in mails sent from OTRS are visible in article detail on external interface
ghsa_unreviewed·2022-05-24
CVE-2020-1775 [MEDIUM] CWE-200 GHSA-mgw5-xgrx-mcp3: BCC recipients in mails sent from OTRS are visible in article detail on external interface
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.