{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-24389", "assignerOrgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8", "state": "PUBLISHED", "assignerShortName": "OTRS", "dateReserved": "2025-01-21T09:09:58.721Z", "datePublished": "2025-01-27T05:59:01.064Z", "dateUpdated": "2025-02-12T20:41:31.676Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "modules": ["SMTP Sending Module"], "product": "OTRS", "vendor": "OTRS AG", "versions": [{"status": "affected", "version": "7.0.x"}, {"status": "affected", "version": "8.0.x"}, {"status": "affected", "version": "2023.x"}, {"status": "affected", "version": "2024.x"}]}, {"defaultStatus": "unaffected", "modules": ["SMTP Sending Module"], "product": "((OTRS)) Community Edition", "vendor": "OTRS AG", "versions": [{"lessThanOrEqual": "6.0.34", "status": "affected", "version": "6.0.x", "versionType": "All"}]}], "configurations": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "OTRS needs to be configured to use SMTP modules instead of sendmail"}], "value": "OTRS needs to be configured to use SMTP modules instead of sendmail"}], "datePublic": "2025-01-27T08:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<div>Certain errors of the upstream libraries will insert sensitive information in the OTRS or ((OTRS)) Community Edition log mechanism and mails send to the system administrator.</div><div></div><p>This issue affects: </p><ul><li>OTRS 7.0.X<br></li><li>OTRS 8.0.X</li><li>OTRS 2023.X</li><li>OTRS 2024.X<br></li><li>((OTRS)) Community Edition: 6.0.x<br></li></ul><div>Products based on the ((OTRS)) Community Edition also very likely to be affected</div><p></p>"}], "value": "Certain errors of the upstream libraries will insert sensitive information in the OTRS or ((OTRS)) Community Edition log mechanism and mails send to the system administrator.\n\nThis issue affects: \n\n * OTRS 7.0.X\n\n * OTRS 8.0.X\n * OTRS 2023.X\n * OTRS 2024.X\n\n * ((OTRS)) Community Edition: 6.0.x\n\nProducts based on the ((OTRS)) Community Edition also very likely to be affected"}], "impacts": [{"capecId": "CAPEC-545", "descriptions": [{"lang": "en", "value": "CAPEC-545 Pull Data from System Resources"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-532", "description": "CWE-532 Insertion of Sensitive Information into Log File", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8", "shortName": "OTRS", "dateUpdated": "2025-01-27T05:59:01.064Z"}, "references": [{"url": "https://otrs.com/release-notes/otrs-security-advisory-2025-03/"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<div>Update to OTRS 2025.1.x. Please note that there will be no OTRS 7 patches. <br></div><div>Optional: Use MTA based sending on the OTRS instance e.g. postfix</div>"}], "value": "Update to OTRS 2025.1.x. Please note that there will be no OTRS 7 patches. \n\nOptional: Use MTA based sending on the OTRS instance e.g. postfix"}], "source": {"advisory": "OSA-2025-03", "defect": ["Issue#3185", "Ticket#2024112142001941"], "discovery": "USER"}, "title": "SMTP Password will be shown in cleartext on some SMTP errors", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Use a local MTA for sending instead of SMTP configuration within OTRS"}], "value": "Use a local MTA for sending instead of SMTP configuration within OTRS"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-24389", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-01-27T13:23:23.051987Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-12T20:41:31.676Z"}}]}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Certain errors of the upstream libraries will insert sensitive information in the OTRS or ((OTRS)) Community Edition log mechanism and mails send to the system administrator.\n\nThis issue affects: \n\n * OTRS 7.0.X\n\n * OTRS 8.0.X\n * OTRS 2023.X\n * OTRS 2024.X\n\n * ((OTRS)) Community Edition: 6.0.x\n\nProducts based on the ((OTRS)) Community Edition also very likely to be affected"}], "id": "CVE-2025-24389", "lastModified": "2025-01-27T06:15:24.170", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 5.2, "source": "security@otrs.com", "type": "Secondary"}]}, "published": "2025-01-27T06:15:24.170", "references": [{"source": "security@otrs.com", "url": "https://otrs.com/release-notes/otrs-security-advisory-2025-03/"}], "sourceIdentifier": "security@otrs.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-532"}], "source": "security@otrs.com", "type": "Secondary"}]}

{}

{}