OTRSCVELIST:CVE-2020-1770CVE-2020-1770 Information disclosure in support bundle files
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N
AI Score
Confidence
High
EPSS
Percentile
73.1%
Support bundle generated files could contain sensitive information that might be unwanted to be disclosed. This issue affects: ((OTRS)) Community Edition: 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions.
CNA Affected
[
{
"vendor": "OTRS AG",
"product": "((OTRS)) Community Edition",
"versions": [
{
"version": "5.0.x",
"status": "affected",
"lessThanOrEqual": "5.0.41",
"versionType": "custom"
},
{
"version": "6.0.x",
"status": "affected",
"lessThanOrEqual": "6.0.26",
"versionType": "custom"
}
]
},
{
"vendor": "OTRS AG",
"product": "OTRS",
"versions": [
{
"version": "7.0.x",
"status": "affected",
"lessThanOrEqual": "7.0.15",
"versionType": "custom"
}
]
}
]References
lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html
lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html
lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html
lists.debian.org/debian-lts-announce/2020/05/msg00000.html
lists.debian.org/debian-lts-announce/2023/08/msg00040.html
otrs.com/release-notes/otrs-security-advisory-2020-07/
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N
AI Score
Confidence
High
EPSS
Percentile
73.1%