PT-2021-21116 · Otrs Ag · Otrs+1

Matthias Terlinde · Published 2021-09-06 · Updated 2021-09-13 · CVE-2021-36096

CVSS v3.1: 5.2 (Medium)
Vector: AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N

Name of the Vulnerable Software and Affected Versions:
OTRS AG (OTRS) Community Edition versions 6.0.1 and later
OTRS AG OTRS versions 7.0.28 and prior
OTRS AG OTRS versions 8.0.15 and prior
Description: Generated Support Bundles contain private S/MIME and PGP keys if the containing folder is not hidden.
Recommendations: For all affected versions (OTRS AG (OTRS) Community Edition 6.0.1 and later, OTRS AG OTRS 7.0.28 and prior, and OTRS AG OTRS 8.0.15 and prior), consider hiding the containing folder to prevent exposure of private keys. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Cleartext Storage of Sensitive Information

Information Disclosure


Weakness Enumeration

Related Identifiers

CVE-2021-36096

Affected Products

Otrs
Otrs Community Edition