
CVSS: 7.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

31 Oct 2023 — Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Disclosure via fake or spoofed RT email headers in an email message or a mail-gateway REST API call. Multiple vulnerabilities have been discovered i... • https://docs.bestpractical.com/release-notes/rt/4.4.7 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 7.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

31 Oct 2023 — Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Exposure in responses to mail-gateway REST API calls. It was discovered that Request Tracker incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could p... • https://docs.bestpractical.com/release-notes/rt/4.4.7 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

31 Oct 2023 — Best Practical Request Tracker (RT) 5 before 5.0.5 allows Information Disclosure via a transaction search in the transaction query builder. Multiple vulnerabilities have been discovered in Request Tracker, an extensible trouble-ticket tracking system. • https://docs.bestpractical.com/release-notes/rt/5.0.5 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

14 Jul 2022 — Best Practical Request Tracker (RT) before 5.0.3 has an Open Redirect via a ticket search. • https://docs.bestpractical.com/release-notes/rt/5.0.3 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

CVSS: 6.4 • EPSS: 0% • CPEs: 2 • EXPL: 0

14 Jul 2022 — Best Practical Request Tracker (RT) before 4.4.6 and 5.x before 5.0.3 allows XSS via a crafted content type for an attachment. Multiple vulnerabilities have been discovered in Request Tracker, an extensible trouble-ticket tracking system. • https://docs.bestpractical.com/release-notes/rt/4.4.6 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.5 • EPSS: 0% • CPEs: 5 • EXPL: 0

18 Oct 2021 — Best Practical Request Tracker (RT) 4.2 before 4.2.17, 4.4 before 4.4.5, and 5.0 before 5.0.2 allows sensitive information disclosure via a timing attack against lib/RT/REST2/Middleware/Auth.pm. It was discovered that Request Tracker in... • https://docs.bestpractical.com/release-notes/rt/index.html • CWE-203: Observable Discrepancy