Open Ticket Request System (OTRS) before 2.2.7 sends e-mail containing a Bcc header field that lists the Blind Carbon Copy recipients, which allows remote attackers to obtain potentially sensitive e-mail address information by reading this field.Referenceshttp://bugs.otrs.org/show_bug.cgi?id=2814http://bugs.otrs.org/show_bug.cgi?id=1882http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807
