Vulnerability Details CVE-2022-0474
Full list of recipients from customer users in a contact field could be disclosed in notification emails event when the notification is set to be sent to each recipient individually. This issue affects: OTRS AG OTRSCustomContactFields 8.0.x version: 8.0.11 and prior versions.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 43.5%
CVSS Severity
CVSS v3 Score 2.4
CVSS v2 Score 3.5
References
Products affected by CVE-2022-0474
-
cpe:2.3:a:otrs:custom_contact_fields:*