AI Score
Confidence
Low
EPSS
Percentile
68.8%
Open Ticket Request System (OTRS) before 2.2.7 sends e-mail containing a Bcc header field that lists the Blind Carbon Copy recipients, which allows remote attackers to obtain potentially sensitive e-mail address information by reading this field.
bugs.otrs.org/show_bug.cgi?id=1882
bugs.otrs.org/show_bug.cgi?id=2814
source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807