CVE-2020-1777
Agent names disclosed in chat feature
Severity Score
5.3
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Agent names that participates in a chat conversation are revealed in certain parts of the external interface as well as in chat transcriptions inside the tickets, when system is configured to mask real agent names. This issue affects OTRS; 7.0.21 and prior versions, 8.0.6 and prior versions.
Los nombres de los agentes que participan en una conversación de chat se revelan en determinadas partes de la interfaz externa, así como en las transcripciones de chat dentro de los tickets, cuando el sistema está configurado para enmascarar los nombres reales de los agentes. Este problema afecta a OTRS; versiones 7.0.21 y anteriores, versiones 8.0.6 y anteriores
*Credits:
László Gyaraki
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2019-11-29 CVE Reserved
- 2020-10-15 CVE Published
- 2023-07-01 EPSS Updated
- 2024-09-17 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://otrs.com/release-notes/otrs-security-advisory-2020-15 | 2021-10-19 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Otrs Search vendor "Otrs" | Otrs Search vendor "Otrs" for product "Otrs" | >= 7.0.0 <= 7.0.21 Search vendor "Otrs" for product "Otrs" and version " >= 7.0.0 <= 7.0.21" | - |
Affected
| ||||||
Otrs Search vendor "Otrs" | Otrs Search vendor "Otrs" for product "Otrs" | >= 8.0.0 <= 8.0.6 Search vendor "Otrs" for product "Otrs" and version " >= 8.0.0 <= 8.0.6" | - |
Affected
|