CVE-2022-1004: Sensitive Information Exposure in OTRS

Severity: 4.3 MEDIUM (NVD)
EPSS: 0.2% (top 54.53%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Mar 21
Latest update: Mar 22

Description

Accounted time is shown in the Ticket Detail View (External Interface), even if ExternalFrontend::TicketDetailView###AccountedTimeDisplay is disabled.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Exploitability: 2.8 | Impact: 1.4

Affected Packages (2 packages)

NVD | otrs/otrs | 7.0.0 | 7.0.33 | +1
CVEListV5 | otrs_ag/otrs | 7.0.x | 7.0.32 | +1

Vulnerability Details (2)

GHSA | GHSA-rhfw-68c9-g5mr: Accounted time is shown in the Ticket Detail View (External Interface), even if ExternalFrontend::TicketDetailView###AccountedTimeDisplay is disabled | 2022-03-22
CVEList | Information disclosure in the External Interface | 2022-03-21