CVE-2020-1779— Dynamic templates reveal sensitive data when OTRS tags are used
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2020-1779
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Dynamic templates reveal sensitive data when OTRS tags are used
Source: NVD (National Vulnerability Database)
Vulnerability Description
When dynamic templates are used (OTRSTicketForms), admin can use OTRS tags which are not masked properly and can reveal sensitive information. This issue affects: OTRS AG OTRSTicketForms 6.0.x version 6.0.40 and prior versions; 7.0.x version 7.0.29 and prior versions; 8.0.x version 8.0.3 and prior versions.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
信息暴露
Source: NVD (National Vulnerability Database)
Vulnerability Title
OTRS AG OTRSTicketForms 信息泄露漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
OTRS AG OTRSTicketForms是德国OTRS公司的一个功能附加组件。使用它可以在代理和外部界面中显示不同的票证掩码和表格,具体取决于哪些动态字段与客户请求相关。 OTRS AG OTRSTicketForms中存在信息泄露漏洞,该漏洞源于当使用动态模板时(OTRSTicketForms ),管理员可以使用没有被正确屏蔽的OTRS标签,可以显示敏感信息。以下产品及型号受到影响:OTRS AG OTRSTicketForms 6.0。x、6.0.40和以前的版本;7.0。x版本、7.0.29和
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| OTRS AG | OTRSTicketForms | 6.0.x ~ 6.0.40 | - |
II. Public POCs for CVE-2020-1779
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2020-1779
请登录查看更多情报信息。
- https://otrs.com/release-notes/otrs-security-advisory-2020-17/x_refsource_CONFIRM
- https://nvd.nist.gov/vuln/detail/CVE-2020-1779
Same Patch Batch · OTRS AG · 2021-02-08 · 4 CVEs total
| CVE-2021-21435 | 5.7 MEDIUM | Information exposure in PDF export |
| CVE-2021-21434 | 3.5 LOW | XSS in Survey Module |
| CVE-2021-21436 | 3.5 LOW | Agent is able to link customer's Config Items without permission |
IV. Related Vulnerabilities
Same weakness: CWE-200
- CVE-2026-42333
quarkus-openapi-generator has overly broad path-parameter ma - CVE-2026-8198
Activity Logs, User Activity Tracking, Multisite Activity Lo - CVE-2026-42456
AnythingLLM: Cross-User TTS Audio Disclosure via Chat ID (ID - CVE-2026-41520
Cillium exposes sensitive information included in the cilium - CVE-2026-25199
Apache CloudStack: Proxmox Extension Allows Unauthorized Cro
V. Comments for CVE-2020-1779
No comments yet