UBUNTU-CVE-2024-43444

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2024-43444

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-43444.json

JSON Data

https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2024-43444

Upstream

CVE-2024-43444

Published

2024-08-26T09:15:00Z

Modified

2025-07-14T07:16:23.253844Z

Severity

8.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N CVSS Calculator
Ubuntu - medium

Summary

[none]

Details

Passwords of agents and customers are displayed in plain text in the OTRS admin log module if certain configurations regarding the authentication sources match and debugging for the authentication backend has been enabled. This issue affects: * OTRS from 7.0.X through 7.0.50 * OTRS 8.0.X * OTRS 2023.X * OTRS from 2024.X through 2024.5.X * ((OTRS)) Community Edition: 6.0.x Products based on the ((OTRS)) Community Edition also very likely to be affected

References

Affected packages

Ubuntu:24.04:LTS / znuny

Package

Name: znuny
Purl: pkg:deb/ubuntu/znuny@6.5.6-1?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

6.*

6.5.3-1

6.5.4-1

6.5.5-1

6.5.6-1

Ubuntu:25.04 / znuny

Package

Name: znuny
Purl: pkg:deb/ubuntu/znuny@6.5.14-1?arch=source&distro=plucky

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

6.*

6.5.10-1

6.5.11-1

6.5.13-1

6.5.13-1build1

6.5.14-1