CVE-2021-21435 — Sensitive Information Exposure in AG Otrs

CWE-200 — Sensitive Information Exposure5 documents5 sources

Severity

6.5MEDIUMNVD

CNA5.7

EPSS

0.3%

top 47.83%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Otrs AG Otrs Otrs

Timeline

PublishedFeb 8

Latest updateMay 24

Description

Article Bcc fields and agent personal information are shown when customer prints the ticket (PDF) via external interface. This issue affects: OTRS AG OTRS 7.0.x version 7.0.23 and prior versions; 8.0.x version 8.0.10 and prior versions.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶NVDotrs/otrs6.0.0 — 6.0.30+2

▶CVEListV5otrs_ag/otrs7.0.x — 7.0.23+1

🔴Vulnerability Details

GHSA

GHSA-mx9p-p4m9-xg4c: Article Bcc fields and agent personal information are shown when customer prints the ticket (PDF) via external interface↗2022-05-24

▶

OSV

CVE-2021-21435: Article Bcc fields and agent personal information are shown when customer prints the ticket (PDF) via external interface↗2021-02-08

▶

CVEList

Information exposure in PDF export↗2021-02-08

▶

📋Vendor Advisories

Debian

CVE-2021-21435: otrs2 - Article Bcc fields and agent personal information are shown when customer prints...↗2021

▶