CVE-2020-1777 — Sensitive Information Exposure in AG Otrs

CWE-200 — Sensitive Information Exposure4 documents4 sources

Severity

5.3MEDIUMNVD

CNA4.3

EPSS

0.2%

top 53.15%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Otrs AG Otrs Otrs

Timeline

PublishedOct 15

Latest updateMay 24

Description

Agent names that participates in a chat conversation are revealed in certain parts of the external interface as well as in chat transcriptions inside the tickets, when system is configured to mask real agent names. This issue affects OTRS; 7.0.21 and prior versions, 8.0.6 and prior versions.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

▶NVDotrs/otrs7.0.0 — 7.0.21+1

▶CVEListV5otrs_ag/otrs7.0.x — 7.0.21+1

🔴Vulnerability Details

GHSA

GHSA-vcjf-j3r2-f6pp: Agent names that participates in a chat conversation are revealed in certain parts of the external interface as well as in chat transcriptions inside↗2022-05-24

▶

CVEList

Agent names disclosed in chat feature↗2020-10-15

▶

📋Vendor Advisories

Debian

CVE-2020-1777: otrs2 - Agent names that participates in a chat conversation are revealed in certain par...↗2020

▶