CVE-2022-32740: Information disclosure in the External Interface
First published: Mon Jun 13 2022(Updated: )
A reply to a forwarded email article by a 3rd party could unintensionally expose the email content to the ticket customer under certain circumstances.
Credit: security@otrs.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Otrs Otrs | >=7.0.0<7.0.35 | |
| Otrs Otrs | >=8.0.0<8.0.23 |
Remedy
Update to OTRS 8.0.23 or OTRS 7.0.35.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this OTRS vulnerability?
The vulnerability ID for this OTRS vulnerability is CVE-2022-32740.
What is the severity of CVE-2022-32740?
CVE-2022-32740 has a severity of medium with a score of 5.3.
Which software versions are affected by CVE-2022-32740?
CVE-2022-32740 affects versions 7.0.0 to 7.0.35 and versions 8.0.0 to 8.0.23 of OTRS.
How can a reply to a forwarded email expose the email content under certain circumstances in OTRS?
A reply to a forwarded email by a third party in OTRS can unintentionally expose the email content to the ticket customer.
Where can I find more information about CVE-2022-32740?
More information about CVE-2022-32740 can be found at https://otrs.com/release-notes/otrs-security-advisory-2022-08/
- collector/nvd-index
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/weakness
- agent/severity
- agent/references
- agent/remedy
- agent/title
- agent/last-modified-date
- agent/softwarecombine
- agent/event
- agent/tags
- agent/description
- agent/first-publish-date
- vendor/otrs
- canonical/otrs otrs
- version/otrs otrs/7.0.0
- version/otrs otrs/8.0.0