PT-2021-10112 · Otrs Ag · Otrs Ticket Forms
László Gyaraki
·
Published
2021-02-08
·
Updated
2021-10-19
·
CVE-2020-1779
CVSS v3.1
4.9
Medium
| Vector | AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions:
OTRS AG OTRSTicketForms versions 6.0.0 through 6.0.40
OTRS AG OTRSTicketForms versions 7.0.0 through 7.0.29
OTRS AG OTRSTicketForms versions 8.0.0 through 8.0.3
Description:
The issue arises when dynamic templates are used, specifically with OTRSTicketForms. Administrators can utilize OTRS tags that are not properly masked, potentially revealing sensitive information.
Recommendations:
For versions 6.0.0 through 6.0.40, update to a version later than 6.0.40 to resolve the issue.
For versions 7.0.0 through 7.0.29, update to a version later than 7.0.29 to resolve the issue.
For versions 8.0.0 through 8.0.3, update to a version later than 8.0.3 to resolve the issue.
As a temporary workaround, consider restricting the use of OTRS tags in dynamic templates until a patch is available.
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Otrs Ticket Forms