CVE-2020-1774
MEDIUM4.9EPSS 0.20%Published: 4/28/2020Modified: 4/28/2026
Also known as:DEBIAN-CVE-2020-1774
Description
When user downloads PGP or S/MIME keys/certificates, exported file has same name for private and public keys. Therefore it's possible to mix them and to send private key to the third-party instead of public key. This issue affects ((OTRS)) Community Edition: 5.0.42 and prior versions, 6.0.27 and prior versions. OTRS: 7.0.16 and prior versions.
Affected packages (1)
- Debian/otrs2from 0, < 6.0.28-1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM4.9 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N |