CVE-2023-45024

Severity Score

7.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Attend

*SSVC

Descriptions

Best Practical Request Tracker (RT) 5 before 5.0.5 allows Information Disclosure via a transaction search in the transaction query builder.

Best Practical Request Tracker (RT) 5 anterior a 5.0.5 permite la divulgación de información a través de una búsqueda de transacciones en el generador de consultas de transacciones.

*Credits: N/A

CVSS Scores

NISTv3.1 7.5

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:Attend

Exploitation

None

Automatable

Yes

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2023-10-03 CVE Reserved
2023-10-31 CVE Published
2024-09-06 CVE Updated
2024-11-09 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CAPEC

References (2)

URL	Tag	Source
https://docs.bestpractical.com/release-notes/rt/index.html	Release Notes

URL	Date	SRC

URL	Date	SRC
https://docs.bestpractical.com/release-notes/rt/5.0.5	2023-11-13

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Bestpractical Search vendor "Bestpractical"		Request Tracker Search vendor "Bestpractical" for product "Request Tracker"				>= 5.0.0 < 5.0.5 Search vendor "Bestpractical" for product "Request Tracker" and version " >= 5.0.0 < 5.0.5"		-		Affected