CVE-2021-21440 — Sensitive Information Exposure in AG Community Edition

CWE-200 — Sensitive Information Exposure5 documents5 sources

Severity

6.5MEDIUMNVD

CNA5.2

EPSS

0.2%

top 60.44%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Otrs AG Community Edition Otrs AG Otrs Otrs

Timeline

PublishedJul 26

Latest updateMay 24

Description

Generated Support Bundles contains private S/MIME and PGP keys if containing folder is not hidden. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.27 and prior versions; 8.0.x version 8.0.14 and prior versions.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

▶CVEListV5otrs_ag/community_edition6.0.1 — 6.0.x*

▶NVDotrs/otrs6.0.0 — 6.0.1+2

▶CVEListV5otrs_ag/otrs7.0.x — 7.0.27+1

🔴Vulnerability Details

GHSA

GHSA-g64f-vq5j-47gq: Generated Support Bundles contains private S/MIME and PGP keys if containing folder is not hidden↗2022-05-24

▶

OSV

CVE-2021-21440: Generated Support Bundles contains private S/MIME and PGP keys if containing folder is not hidden↗2021-07-26

▶

CVEList

Support Bundle includes S/Mime and PGP keys↗2021-07-26

▶

📋Vendor Advisories

Debian

CVE-2021-21440: otrs2 - Generated Support Bundles contains private S/MIME and PGP keys if containing fol...↗2021

▶