CVE-2020-1777

EUVD-2020-12603
Agent names that participates in a chat conversation are revealed in certain parts of the external interface as well as in chat transcriptions inside the tickets, when system is configured to mask real agent names. This issue affects OTRS; 7.0.21 and prior versions, 8.0.6 and prior versions.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
OTRSCNA
4.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 46%
Affected Products (NVD)
VendorProductVersion
otrsotrs
7.0.0 ≤
𝑥
≤ 7.0.21
otrsotrs
8.0.0 ≤
𝑥
≤ 8.0.6
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
otrs2
bullseye/non-free
6.0.32-6
fixed
Common Weakness Enumeration
References
https://otrs.com/release-notes/otrs-security-advisory-2020-15/
https://otrs.com/release-notes/otrs-security-advisory-2020-15/