CVE-2021-36096 MEDIUM

CVE-2021-36096: Support Bundle includes S/Mime and PGP secret or PIN

Vendor Otrs Ag
Product ((OTRS)) Community Edition
Weakness CWE-200 · Info exposure
Published September 6, 2021
Last update September 16, 2024

CVSS base score

5.2/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction Required
Confidentiality High
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N

What the vulnerability does

01Description

Generated Support Bundles contains private S/MIME and PGP keys if containing folder is not hidden. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.28 and prior versions; 8.0.x version 8.0.15 and prior versions.

Key dates

02Disclosure timeline

September 6, 2021 CVE published
September 16, 2024 Record updated