PT-2021-6760 · OTRS AG · OTRS, OTRS Community Edition

Credits: Julian Droste (+1)

Published: 2021-07-26 · Updated: 2023-08-31

CVE-2021-21440

CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:L/Au:S/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions
- OTRS AG (OTRS) Community Edition 6.0.x, versions 6.0.1 and later
- OTRS AG OTRS 7.0.x, versions 7.0.27 and prior
- OTRS AG OTRS 8.0.x, versions 8.0.14 and prior
Description Information disclosure in the OTRS ticket system. Support bundles generated by OTRS (the diagnostic archives an administrator collects for support requests) include the installation's private S/MIME and PGP keys whenever the directory holding the keys is not hidden. Anyone who obtains such a bundle can extract the private keys and use them to decrypt encrypted ticket mail and to sign mail as the key owner. Because support bundles are produced precisely to be handed to support staff or third parties, the keys can leave the organisation through routine operations, not only through a deliberate attack. The CVSS vector reflects this: a single authenticated account is required to generate a bundle (Au:S), and the consequence is a complete loss of confidentiality (C:C).
Recommendations
- OTRS 7.0.x: upgrade to a release newer than 7.0.27. OTRS 8.0.x: upgrade to a release newer than 8.0.14 (the affected ranges above end at those versions).
- OTRS (OTRS) Community Edition 6.0.x: the affected range has no upper bound, so no fixed upstream release is listed; apply distribution patches where available (Debian tracks the issue under DLA-3551-1) or use the workaround below.
- Workaround for all versions: keep S/MIME and PGP private keys in a hidden directory (or outside the directories that are collected into support bundles), and do not generate support bundles until the installation is patched.
- Treat every bundle already generated on an affected version as potentially containing the private keys: inspect it before sharing it, and rotate any S/MIME certificates and PGP keys found in a bundle that has already left the system.
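The "inspect it before sharing" step, as an added example that is not part of the original advisory or of OTRS itself: a small scanner that opens a support bundle (tar.gz) in memory and flags every member containing a PEM private key or an ASCII-armored PGP secret key. The bundle layout, file paths and key blocks built by `build_sample_bundle()` are constructed for the demonstration and are not real OTRS paths or keys; only `find_private_keys()` is meant to be reused on a real bundle.

```python
"""Scan an OTRS support bundle (tar.gz) for private key material before it is shared.

Added example, not OTRS code. The sample bundle below is constructed for the demo;
only the scanning logic is meant to be reused on a real bundle.
"""
import io
import re
import tarfile

# Header lines of PEM-encoded private keys (PKCS#1/PKCS#8/EC, as used for S/MIME)
# and of OpenPGP secret keys (RFC 4880 ASCII armor). Matching the header is enough:
# a false positive costs a manual look, a false negative leaks a key.
PRIVATE_KEY_MARKERS = [
    re.compile(rb"-----BEGIN (?:[A-Z ]+ )?PRIVATE KEY-----"),  # RSA / EC / ENCRYPTED / plain PEM
    re.compile(rb"-----BEGIN PGP PRIVATE KEY BLOCK-----"),      # OpenPGP secret key
]

MAX_MEMBER_BYTES = 16 * 1024 * 1024  # skip huge members (logs, dumps); key files are small


def find_private_keys(bundle: bytes) -> list[tuple[str, str]]:
    """Return (member path, matched header) for every archive member that holds
    private key material. Members are read in memory and never extracted to
    disk, so hostile member paths in the archive cannot do any damage."""
    hits = []
    with tarfile.open(fileobj=io.BytesIO(bundle), mode="r:gz") as tar:
        for member in tar:
            if not member.isfile() or member.size > MAX_MEMBER_BYTES:
                continue
            data = tar.extractfile(member).read()
            for marker in PRIVATE_KEY_MARKERS:
                match = marker.search(data)
                if match:
                    hits.append((member.name, match.group(0).decode("ascii")))
                    break  # one hit is enough to flag the member
    return hits


def build_sample_bundle() -> bytes:
    """Constructed stand-in for a support bundle (paths invented for the demo).
    The key blocks are placeholders with the real header lines, not real keys."""
    members = {
        "otrs/Kernel/Config.pm": b"package Kernel::Config;\n$Self->{DatabaseHost} = 'db';\n",
        "otrs/var/log/otrs.log": b"[Notice] support bundle generated\n",
        "otrs/var/smime/private/a1b2c3d4.0":
            b"-----BEGIN RSA PRIVATE KEY-----\nMIIEpAIBAAKCAQEA...placeholder...\n"
            b"-----END RSA PRIVATE KEY-----\n",
        "otrs/var/pgp/secring.asc":
            b"-----BEGIN PGP PRIVATE KEY BLOCK-----\n\nlQOYBF...placeholder...\n"
            b"-----END PGP PRIVATE KEY BLOCK-----\n",
    }
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for path, content in members.items():
            info = tarfile.TarInfo(name=path)
            info.size = len(content)
            tar.addfile(info, io.BytesIO(content))
    return buf.getvalue()


if __name__ == "__main__":
    import sys

    # Usage: python scan_bundle.py SupportBundle.tar.gz  (no argument: scan the demo bundle)
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            bundle = fh.read()
    else:
        bundle = build_sample_bundle()
    for path, header in find_private_keys(bundle):
        print(f"PRIVATE KEY MATERIAL: {path} ({header})")
```

Run it against the real bundle before uploading it anywhere; any hit means the bundle must not be shared as-is and the listed keys should be rotated if a copy has already left the system. The scanner deliberately never extracts to disk, so it is safe to run on a bundle of unknown origin.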

Fix

Information Disclosure


Weakness Enumeration

Related Identifiers

BDU:2022-02152
CVE-2021-21440
DLA-3551-1

Affected Products

Otrs
Otrs Community Edition