Description
Agent names that participates in a chat conversation are revealed in certain parts of the external interface as well as in chat transcriptions inside the tickets, when system is configured to mask real agent names. This issue affects OTRS; 7.0.21 and prior versions, 8.0.6 and prior versions.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://otrs.com/release-notes/otrs-security-advisory-2020-15/
Scores
CVSS v3
4.3
EPSS
0.0083
EPSS Percentile
53.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (1)
otrs/otrs
7.0.0 - 7.0.21
Published
Oct 15, 2020
Tracked Since
Feb 18, 2026