CVE-2020-1775 LOW

CVE-2020-1775: Information disclosure in external interface

Vendor Otrs Ag
Product OTRS
Weakness CWE-200 · Info exposure
Published June 8, 2020
Last update September 16, 2024

CVSS base score

3.5/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

BCC recipients in mails sent from OTRS are visible in article detail on external interface. This issue affects OTRS: 8.0.3 and prior versions, 7.0.17 and prior versions.

Key dates

02Disclosure timeline

June 8, 2020 CVE published
September 16, 2024 Record updated