Search CVE reports
1 – 7 of 7 results
CVE-2024-3262
Medium priority
Information exposure vulnerability in RT software affecting version 4.4.1. This vulnerability allows an attacker with local access to the device to retrieve sensitive information about the application, such as...
2 affected packages
request-tracker4, request-tracker5
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
request-tracker4 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
request-tracker5 | Needs evaluation | Needs evaluation | Not in release | — | — |
CVE-2023-45024
Medium priority
Best Practical Request Tracker (RT) 5 before 5.0.5 allows Information Disclosure via a transaction search in the transaction query builder.
1 affected package
request-tracker5
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
request-tracker5 | Needs evaluation | Needs evaluation | Not in release | Not in release | Not in release |
CVE-2023-41260
Medium priority
Some fixes available 5 of 11
Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Exposure in responses to mail-gateway REST API calls.
2 affected packages
request-tracker4, request-tracker5
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
request-tracker4 | Vulnerable | Fixed | Fixed | Fixed | Ignored |
request-tracker5 | Needs evaluation | Needs evaluation | Not in release | Not in release | Not in release |
CVE-2023-41259
Medium priority
Some fixes available 5 of 11
Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Disclosure via fake or spoofed RT email headers in an email message or a mail-gateway REST API call.
2 affected packages
request-tracker4, request-tracker5
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
request-tracker4 | Vulnerable | Fixed | Fixed | Fixed | Ignored |
request-tracker5 | Needs evaluation | Needs evaluation | Not in release | Ignored | Ignored |
CVE-2022-25803
Medium priority
Best Practical Request Tracker (RT) before 5.0.3 has an Open Redirect via a ticket search.
1 affected package
request-tracker5
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
request-tracker5 | Needs evaluation | Needs evaluation | Not in release | Not in release | Not in release |
CVE-2022-25802
Medium priority
Some fixes available 5 of 16
Best Practical Request Tracker (RT) before 4.4.6 and 5.x before 5.0.3 allows XSS via a crafted content type for an attachment.
2 affected packages
request-tracker4, request-tracker5
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
request-tracker4 | Vulnerable | Fixed | Fixed | Fixed | Ignored |
request-tracker5 | Needs evaluation | Needs evaluation | Not in release | Not in release | Not in release |
CVE-2021-38562
Low priority
Some fixes available 7 of 17
Best Practical Request Tracker (RT) 4.2 before 4.2.17, 4.4 before 4.4.5, and 5.0 before 5.0.2 allows sensitive information disclosure via a timing attack against lib/RT/REST2/Middleware/Auth.pm.
2 affected packages
request-tracker4, request-tracker5
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
request-tracker4 | Fixed | Fixed | Fixed | Fixed | Ignored |
request-tracker5 | Needs evaluation | Needs evaluation | Not in release | Not in release | Ignored |