CVE-2024-3262
Information exposure vulnerability in Request Tracker (RT)
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Information exposure vulnerability in RT software affecting version 4.4.1. This vulnerability allows an attacker with local access to the device to retrieve sensitive information about the application, such as vulnerability tickets, because the application stores the information in the browser cache, leading to information exposure despite session termination.
Vulnerabilidad de exposición de información en el software RT que afecta a la versión 4.4.1. Esta vulnerabilidad permite a un atacante con acceso local al dispositivo recuperar información confidencial sobre la aplicación, como tickets de vulnerabilidad, porque la aplicación almacena la información en la memoria caché del navegador, lo que lleva a la exposición de la información a pesar de la finalización de la sesión.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-04-03 CVE Reserved
- 2024-04-04 CVE Published
- 2024-04-05 EPSS Updated
- 2024-08-01 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (1)
URL | Tag | Source |
---|---|---|
https://www.incibe.es/incibe-cert/alerta-temprana/avisos/vulnerabilidad-de-exposicion-de-informacion-en-request-tracker-rt |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Best Practical Solutions Search vendor "Best Practical Solutions" | Request Tracker Search vendor "Best Practical Solutions" for product "Request Tracker" | 4.4.1 Search vendor "Best Practical Solutions" for product "Request Tracker" and version "4.4.1" | en |
Affected
|