CVE-2022-0474: Disclosure of mail addresses
First published: Mon Feb 07 2022(Updated: )
Full list of recipients from customer users in a contact field could be disclosed in notification emails event when the notification is set to be sent to each recipient individually. This issue affects: OTRS AG OTRSCustomContactFields 8.0.x version: 8.0.11 and prior versions.
Credit: security@otrs.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Otrs Custom Contact Fields | >=8.0.0<8.0.12 |
Remedy
Update to OTRSCustomContactFields 8.0.12.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2022-0474.
What is the title of this vulnerability?
The title of this vulnerability is 'Full list of recipients from customer users in a contact field could be disclosed in notification emails.'
What software is affected by this vulnerability?
The OTRS AG OTRSCustomContactFields 8.0.x version: 8.0.11 and prior versions are affected by this vulnerability.
What is the severity of CVE-2022-0474?
The severity of CVE-2022-0474 is classified as low, with a severity value of 3.5.
How can I fix the vulnerability CVE-2022-0474?
To fix the vulnerability CVE-2022-0474, it is recommended to update to version 8.0.12 or later of OTRS AG OTRSCustomContactFields.
- collector/nvd-index
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/title
- agent/references
- agent/last-modified-date
- agent/severity
- agent/author
- agent/weakness
- agent/softwarecombine
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/otrs
- canonical/otrs custom contact fields
- version/otrs custom contact fields/8.0.0