CVE-2022-32741
Publication date 13 June 2022
Last updated 26 August 2025
Ubuntu priority
Description
Attacker is able to determine if the provided username exists (and it's valid) using Request New Password feature, based on the response time.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| otrs2 | 22.04 LTS jammy |
Needs evaluation
|
| 20.04 LTS focal |
Needs evaluation
|
|
| 18.04 LTS bionic |
Needs evaluation
|
|
| 16.04 LTS xenial | Ignored end of ESM support, was needs-triage |
Severity score breakdown
CVSS version: CVSS v3.0
Base score
5.3 · Medium
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N