CVE-2021-21440

medium

Description

Generated Support Bundles contains private S/MIME and PGP keys if containing folder is not hidden. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.27 and prior versions; 8.0.x version 8.0.14 and prior versions.

References

https://otrs.com/release-notes/otrs-security-advisory-2021-10/

https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html

Details

Source: Mitre, NVD

Published: 2021-07-26

Updated: 2023-08-31

Risk Information

CVSS v2

Base Score: 4

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N