CVE-2020-1775: Information disclosure in external interface
First published: Mon Jun 08 2020(Updated: )
BCC recipients in mails sent from OTRS are visible in article detail on external interface. This issue affects OTRS: 8.0.3 and prior versions, 7.0.17 and prior versions.
Credit: security@otrs.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Otrs Otrs | >=7.0.0<7.0.18 | |
| Otrs Otrs | >=8.0.0<8.0.3 |
Remedy
Upgrade to OTRS 7.0.18 and OTRS 8.0.4.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2020-1775?
CVE-2020-1775 is a vulnerability in OTRS that allows BCC recipients in mails sent from OTRS to be visible in the article detail on the external interface.
Which versions of OTRS are affected by CVE-2020-1775?
OTRS versions 8.0.3 and prior, as well as 7.0.17 and prior, are affected by CVE-2020-1775.
What is the severity of CVE-2020-1775?
CVE-2020-1775 has a severity level of medium, with a CVSS score of 4.3.
How can I fix CVE-2020-1775?
To fix CVE-2020-1775, you should update OTRS to version 8.0.3 or later, or version 7.0.18 or later.
Where can I find more information about CVE-2020-1775?
You can find more information about CVE-2020-1775 in the OTRS security advisory at https://otrs.com/release-notes/otrs-security-advisory-2020-12/
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/remedy
- agent/references
- agent/author
- agent/weakness
- agent/title
- agent/last-modified-date
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/otrs
- canonical/otrs otrs
- version/otrs otrs/7.0.0
- version/otrs otrs/8.0.0