Search CVE reports


1 – 7 of 7 results


CVE-2024-3262

Medium priority
Needs evaluation

Information exposure vulnerability in RT software affecting version 4.4.1. This vulnerability allows an attacker with local access to the device to retrieve sensitive information about the application, such as...

2 affected packages

request-tracker4, request-tracker5

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| request-tracker4 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| request-tracker5 | Needs evaluation | Needs evaluation | Not in release | | |

CVE-2023-45024

Medium priority
Needs evaluation

Best Practical Request Tracker (RT) 5 before 5.0.5 allows Information Disclosure via a transaction search in the transaction query builder.

1 affected package

request-tracker5

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| request-tracker5 | Needs evaluation | Needs evaluation | Not in release | Not in release | Not in release |

CVE-2023-41260

Medium priority

Some fixes available 5 of 11

Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Exposure in responses to mail-gateway REST API calls.

2 affected packages

request-tracker4, request-tracker5

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| request-tracker4 | Vulnerable | Fixed | Fixed | Fixed | Ignored |
| request-tracker5 | Needs evaluation | Needs evaluation | Not in release | Not in release | Not in release |

CVE-2023-41259

Medium priority

Some fixes available 5 of 11

Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Disclosure via fake or spoofed RT email headers in an email message or a mail-gateway REST API call.

2 affected packages

request-tracker4, request-tracker5

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| request-tracker4 | Vulnerable | Fixed | Fixed | Fixed | Ignored |
| request-tracker5 | Needs evaluation | Needs evaluation | Not in release | Ignored | Ignored |

CVE-2022-25803

Medium priority
Needs evaluation

Best Practical Request Tracker (RT) before 5.0.3 has an Open Redirect via a ticket search.

1 affected package

request-tracker5

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| request-tracker5 | Needs evaluation | Needs evaluation | Not in release | Not in release | Not in release |

CVE-2022-25802

Medium priority

Some fixes available 5 of 16

Best Practical Request Tracker (RT) before 4.4.6 and 5.x before 5.0.3 allows XSS via a crafted content type for an attachment.

2 affected packages

request-tracker4, request-tracker5

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| request-tracker4 | Vulnerable | Fixed | Fixed | Fixed | Ignored |
| request-tracker5 | Needs evaluation | Needs evaluation | Not in release | Not in release | Not in release |

CVE-2021-38562

Low priority

Some fixes available 7 of 17

Best Practical Request Tracker (RT) 4.2 before 4.2.17, 4.4 before 4.4.5, and 5.0 before 5.0.2 allows sensitive information disclosure via a timing attack against lib/RT/REST2/Middleware/Auth.pm.

2 affected packages

request-tracker4, request-tracker5

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| request-tracker4 | Fixed | Fixed | Fixed | Fixed | Ignored |
| request-tracker5 | Needs evaluation | Needs evaluation | Not in release | Not in release | Ignored |