CVE-2021-36096 — Sensitive Information Exposure in AG Community Edition

CWE-200 — Sensitive Information Exposure CWE-312 — Cleartext Storage of Sensitive Info4 documents4 sources

Severity

4.9MEDIUMNVD

CNA5.2

EPSS

0.2%

top 62.11%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Otrs AG Community Edition Otrs Otrs AG Otrs

Timeline

PublishedSep 6

Latest updateMay 24

Description

Generated Support Bundles contains private S/MIME and PGP keys if containing folder is not hidden. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.28 and prior versions; 8.0.x version 8.0.15 and prior versions.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 1.2 | Impact: 3.6

Affected Packages3 packages

▶CVEListV5otrs_ag/community_edition6.0.1 — 6.0.x*

▶NVDotrs/otrs7.0.0 — 7.0.29+2

▶CVEListV5otrs_ag/otrs7.0.x — 7.0.28+1

🔴Vulnerability Details

GHSA

GHSA-cc6f-j84g-6gmr: Generated Support Bundles contains private S/MIME and PGP keys if containing folder is not hidden↗2022-05-24

▶

OSV

CVE-2021-36096: Generated Support Bundles contains private S/MIME and PGP keys if containing folder is not hidden↗2021-09-06

▶

CVEList

Support Bundle includes S/Mime and PGP secret or PIN↗2021-09-06

▶