Vulnerabilities related to bestpractical - request_tracker
Vulnerability from fkie_nvd
Published
2015-08-14 18:59
Modified
2024-11-21 02:33
Severity: MEDIUM (CVSS v2 base score 4.3, AV:N/AC:M/Au:N/C:N/I:P/A:N)
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Request Tracker (RT) 4.x before 4.2.12 allow remote attackers to inject arbitrary web script or HTML via vectors related to the (1) user and (2) group rights management pages.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
bestpractical | request_tracker | * (all versions up to and including 4.2.11) |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:bestpractical:request_tracker:*:*:*:*:*:*:*:*", "matchCriteriaId": "B6E877C3-C4F4-4102-8B32-09D86C4CB509", "versionEndIncluding": "4.2.11", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Request Tracker (RT) 4.x before 4.2.12 allow remote attackers to inject arbitrary web script or HTML via vectors related to the (1) user and (2) group rights management pages." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de XSS en Request Tracker (RT) en la versi\u00f3n 4.x y anteriores a 4.2.12, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de vectores relacionados con (1) el usuario o (2) p\u00e1ginas de gesti\u00f3n de derechos de grupo." } ], "id": "CVE-2015-5475", "lastModified": "2024-11-21T02:33:06.113", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2015-08-14T18:59:10.037", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://blog.bestpractical.com/2015/08/security-vulnerabilities-in-rt.html" }, { "source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164607.html" }, { "source": "cve@mitre.org", "url": 
"http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165124.html" }, { "source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165163.html" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2015/dsa-3335" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/76364" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://bestpractical.com/release-notes/rt/4.2.12" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://blog.bestpractical.com/2015/08/security-vulnerabilities-in-rt.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164607.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165124.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165163.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2015/dsa-3335" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/76364" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://bestpractical.com/release-notes/rt/4.2.12" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-07-24 12:01
Modified
2024-11-21 01:46
Severity: MEDIUM (CVSS v2 base score 6.4, AV:N/AC:L/Au:N/C:N/I:P/A:P)
Summary
Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, allows remote attackers to configure encryption or signing for certain outbound e-mail, and possibly cause a denial of service (loss of e-mail readability), via an e-mail message to a queue's address.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.html | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.html | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
bestpractical | request_tracker | 3.8.3 | |
bestpractical | request_tracker | 3.8.4 | |
bestpractical | request_tracker | 3.8.7 | |
bestpractical | request_tracker | 3.8.9 | |
bestpractical | request_tracker | 3.8.10 | |
bestpractical | request_tracker | 3.8.11 | |
bestpractical | request_tracker | 3.8.12 | |
bestpractical | request_tracker | 3.8.13 | |
bestpractical | request_tracker | 3.8.14 | |
bestpractical | request_tracker | 4.0.0 | |
bestpractical | request_tracker | 4.0.1 | |
bestpractical | request_tracker | 4.0.2 | |
bestpractical | request_tracker | 4.0.3 | |
bestpractical | request_tracker | 4.0.4 | |
bestpractical | request_tracker | 4.0.5 | |
bestpractical | request_tracker | 4.0.6 | |
bestpractical | request_tracker | 4.0.7 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:bestpractical:request_tracker:3.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "E751355A-5C27-47D5-A501-BE0033BB8E06", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:3.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "FB660C2B-9EAB-45E7-83D4-C61B71A70704", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:3.8.7:*:*:*:*:*:*:*", "matchCriteriaId": "6149929E-AC54-484C-9914-BE5B9011B6C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:3.8.9:*:*:*:*:*:*:*", "matchCriteriaId": "96D2D87E-2C68-44F7-B8C5-922452742A4B", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:3.8.10:*:*:*:*:*:*:*", "matchCriteriaId": "FDD49949-14EC-4023-8FC5-6BDC5EC64991", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:3.8.11:*:*:*:*:*:*:*", "matchCriteriaId": "8BF47625-80E7-4B73-8C93-8E022AC2703B", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:3.8.12:*:*:*:*:*:*:*", "matchCriteriaId": "C24F467B-2654-4ED4-B1C9-66BE6D263C72", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:3.8.13:*:*:*:*:*:*:*", "matchCriteriaId": "5947B639-9DA1-401A-A227-31A065B4C1A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:3.8.14:*:*:*:*:*:*:*", "matchCriteriaId": "E53B005E-8714-4E5D-B026-E22C7FA6DCEA", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "44234832-170D-43E0-9643-19CE57378721", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "38CFCCD6-6C5D-41CD-B7FB-D925A46E615C", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": 
"814172FB-6F34-4356-8105-70AEBE0B6F6B", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "D282AC9F-E087-4D8D-B467-1D9480B3ABDA", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "42F21EB3-8CE6-4F87-A5DE-A01AA32B943F", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "5EDB4AD7-96B5-4D72-8C51-23D744D10C46", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "0096B700-17B5-4158-A736-ECFDF9E9935B", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "A0AF4515-6DB1-406A-878C-6DB32D021BA0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, allows remote attackers to configure encryption or signing for certain outbound e-mail, and possibly cause a denial of service (loss of e-mail readability), via an e-mail message to a queue\u0027s address." }, { "lang": "es", "value": "Best Practical Solutions RT 3.8.x anterior a 3.8.15 y 4.0.x anterior a 4.0.8, cuando GnuPG est\u00e1 activado, permite a atacantes remotos configurar el cifrado o firmado para determinados correos salientes, y posiblemente provocar una denegaci\u00f3n de servicio (p\u00e9rdida de lectura de correos), a trav\u00e9s de un mensaje de correo a la cola de direcciones." 
} ], "id": "CVE-2012-6579", "lastModified": "2024-11-21T01:46:25.487", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-07-24T12:01:45.093", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-310" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-07-14 12:15
Modified
2024-11-21 06:53
Severity: MEDIUM (CVSS v3.1 base score 6.1, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
Summary
Best Practical Request Tracker (RT) before 5.0.3 has an Open Redirect via a ticket search.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://docs.bestpractical.com/release-notes/rt/5.0.3 | Patch, Release Notes, Vendor Advisory | |
cve@mitre.org | https://docs.bestpractical.com/release-notes/rt/index.html | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://docs.bestpractical.com/release-notes/rt/5.0.3 | Patch, Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://docs.bestpractical.com/release-notes/rt/index.html | Release Notes, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
bestpractical | request_tracker | * (all versions before 5.0.3) |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:bestpractical:request_tracker:*:*:*:*:*:*:*:*", "matchCriteriaId": "DF0DBE03-5EF5-4B52-99B2-6D07FC59EB7C", "versionEndExcluding": "5.0.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Best Practical Request Tracker (RT) before 5.0.3 has an Open Redirect via a ticket search." }, { "lang": "es", "value": "Best Practical Request Tracker (RT) versiones anteriores a 5.0.3, presenta un Redireccionamiento Abierto por medio de una b\u00fasqueda de tickets" } ], "id": "CVE-2022-25803", "lastModified": "2024-11-21T06:53:01.823", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-07-14T12:15:11.553", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Release Notes", "Vendor Advisory" ], "url": "https://docs.bestpractical.com/release-notes/rt/5.0.3" }, { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://docs.bestpractical.com/release-notes/rt/index.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Release Notes", "Vendor Advisory" ], "url": "https://docs.bestpractical.com/release-notes/rt/5.0.3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://docs.bestpractical.com/release-notes/rt/index.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", 
"value": "CWE-601" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-07-24 12:01
Modified
2024-11-21 01:46
Severity: MEDIUM (CVSS v2 base score 4.3, AV:N/AC:M/Au:N/C:N/I:P/A:N)
Summary
Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled with a "Sign by default" queue configuration, uses a queue's key for signing, which might allow remote attackers to spoof messages by leveraging the lack of authentication semantics.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.html | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.html | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
bestpractical | request_tracker | 3.8.3 | |
bestpractical | request_tracker | 3.8.4 | |
bestpractical | request_tracker | 3.8.7 | |
bestpractical | request_tracker | 3.8.9 | |
bestpractical | request_tracker | 3.8.10 | |
bestpractical | request_tracker | 3.8.11 | |
bestpractical | request_tracker | 3.8.12 | |
bestpractical | request_tracker | 3.8.13 | |
bestpractical | request_tracker | 3.8.14 | |
bestpractical | request_tracker | 4.0.0 | |
bestpractical | request_tracker | 4.0.1 | |
bestpractical | request_tracker | 4.0.2 | |
bestpractical | request_tracker | 4.0.3 | |
bestpractical | request_tracker | 4.0.4 | |
bestpractical | request_tracker | 4.0.5 | |
bestpractical | request_tracker | 4.0.6 | |
bestpractical | request_tracker | 4.0.7 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:bestpractical:request_tracker:3.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "E751355A-5C27-47D5-A501-BE0033BB8E06", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:3.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "FB660C2B-9EAB-45E7-83D4-C61B71A70704", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:3.8.7:*:*:*:*:*:*:*", "matchCriteriaId": "6149929E-AC54-484C-9914-BE5B9011B6C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:3.8.9:*:*:*:*:*:*:*", "matchCriteriaId": "96D2D87E-2C68-44F7-B8C5-922452742A4B", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:3.8.10:*:*:*:*:*:*:*", "matchCriteriaId": "FDD49949-14EC-4023-8FC5-6BDC5EC64991", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:3.8.11:*:*:*:*:*:*:*", "matchCriteriaId": "8BF47625-80E7-4B73-8C93-8E022AC2703B", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:3.8.12:*:*:*:*:*:*:*", "matchCriteriaId": "C24F467B-2654-4ED4-B1C9-66BE6D263C72", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:3.8.13:*:*:*:*:*:*:*", "matchCriteriaId": "5947B639-9DA1-401A-A227-31A065B4C1A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:3.8.14:*:*:*:*:*:*:*", "matchCriteriaId": "E53B005E-8714-4E5D-B026-E22C7FA6DCEA", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "44234832-170D-43E0-9643-19CE57378721", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "38CFCCD6-6C5D-41CD-B7FB-D925A46E615C", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": 
"814172FB-6F34-4356-8105-70AEBE0B6F6B", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "D282AC9F-E087-4D8D-B467-1D9480B3ABDA", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "42F21EB3-8CE6-4F87-A5DE-A01AA32B943F", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "5EDB4AD7-96B5-4D72-8C51-23D744D10C46", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "0096B700-17B5-4158-A736-ECFDF9E9935B", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "A0AF4515-6DB1-406A-878C-6DB32D021BA0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled with a \"Sign by default\" queue configuration, uses a queue\u0027s key for signing, which might allow remote attackers to spoof messages by leveraging the lack of authentication semantics." }, { "lang": "es", "value": "Best Practical Solutions RT 3.8.x anterior a 3.8.15 y 4.0.x anterior a 4.0.8, cuando GnuPG est\u00e1 activado con \"Sing by defaul\" (firmar por defecto), utiliza una cola de claves para firmar que podr\u00eda permitir a atacantes remotos suplantar mensajes aprovechando la falta de autenticaci\u00f3n sem\u00e1ntica." 
} ], "id": "CVE-2012-6578", "lastModified": "2024-11-21T01:46:25.330", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-07-24T12:01:45.083", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-310" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2015-09-03 14:59
Modified
2024-11-21 02:35
Severity: MEDIUM (CVSS v2 base score 4.3, AV:N/AC:M/Au:N/C:N/I:P/A:N)
Summary
Cross-site scripting (XSS) vulnerability in the cryptography interface in Request Tracker (RT) before 4.2.12 allows remote attackers to inject arbitrary web script or HTML via a crafted public key.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
bestpractical | request_tracker | * (all versions up to and including 4.2.11) |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:bestpractical:request_tracker:*:*:*:*:*:*:*:*", "matchCriteriaId": "B6E877C3-C4F4-4102-8B32-09D86C4CB509", "versionEndIncluding": "4.2.11", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the cryptography interface in Request Tracker (RT) before 4.2.12 allows remote attackers to inject arbitrary web script or HTML via a crafted public key." }, { "lang": "es", "value": "Vulnerabilidad de XSS en el interfaz de criptograf\u00eda en Request Tracker (RT) en versiones anteriores a 4.2.12, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de una clave p\u00fablica manipulada." } ], "id": "CVE-2015-6506", "lastModified": "2024-11-21T02:35:05.940", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2015-09-03T14:59:08.773", "references": [ { "source": "security@debian.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://blog.bestpractical.com/2015/08/security-vulnerabilities-in-rt.html" }, { "source": "security@debian.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164607.html" }, { "source": "security@debian.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165124.html" }, { "source": "security@debian.org", "url": 
"http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165163.html" }, { "source": "security@debian.org", "url": "http://www.debian.org/security/2015/dsa-3335" }, { "source": "security@debian.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://bestpractical.com/release-notes/rt/4.2.12" }, { "source": "security@debian.org", "url": "https://github.com/bestpractical/rt/commit/36a461947b00b105336adb4997d" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://blog.bestpractical.com/2015/08/security-vulnerabilities-in-rt.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164607.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165124.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165163.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2015/dsa-3335" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://bestpractical.com/release-notes/rt/4.2.12" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/bestpractical/rt/commit/36a461947b00b105336adb4997d" } ], "sourceIdentifier": "security@debian.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-10-18 09:15
Modified
2024-11-21 06:17
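Severity: HIGH (CVSS v3.1 base score 7.5, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N); MEDIUM under CVSS v2 (base score 5.0, AV:N/AC:L/Au:N/C:P/I:N/A:N)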
Summary
Best Practical Request Tracker (RT) 4.2 before 4.2.17, 4.4 before 4.4.5, and 5.0 before 5.0.2 allows sensitive information disclosure via a timing attack against lib/RT/REST2/Middleware/Auth.pm.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
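bestpractical | request_tracker | * (4.2.0 up to, but not including, 4.2.17) | |
bestpractical | request_tracker | * (4.4.0 up to, but not including, 4.4.5) | |
bestpractical | request_tracker | * (5.0.0 up to, but not including, 5.0.2) | |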
fedoraproject | fedora | 35 | |
debian | debian_linux | 9.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:bestpractical:request_tracker:*:*:*:*:*:*:*:*", "matchCriteriaId": "7D08BAE0-181B-46A0-B8B4-311B8E6C550E", "versionEndExcluding": "4.2.17", "versionStartIncluding": "4.2.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:*:*:*:*:*:*:*:*", "matchCriteriaId": "35D6692C-6D84-4D03-B65F-5BBAFD439826", "versionEndExcluding": "4.4.5", "versionStartIncluding": "4.4.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:*:*:*:*:*:*:*:*", "matchCriteriaId": "861FFFAE-2644-474C-AD4F-2CC84F907869", "versionEndExcluding": "5.0.2", "versionStartIncluding": "5.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Best Practical Request Tracker (RT) 4.2 before 4.2.17, 4.4 before 4.4.5, and 5.0 before 5.0.2 allows sensitive information disclosure via a timing attack against lib/RT/REST2/Middleware/Auth.pm." 
}, { "lang": "es", "value": "Best Practical Request Tracker (RT) versiones 4.2 anteriores a 4.2.17, versiones 4.4 anteriores a 4.4.5, y versiones 5.0 anteriores a 5.0.2, permite una divulgaci\u00f3n de informaci\u00f3n confidencial por medio de un ataque de tiempo contra el archivo lib/RT/REST2/Middleware/Auth.pm" } ], "id": "CVE-2021-38562", "lastModified": "2024-11-21T06:17:27.930", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-10-18T09:15:08.767", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://docs.bestpractical.com/release-notes/rt/index.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/bestpractical/rt/commit/70749bb66cb13dd70bd53340c371038a5f3ca57c" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00019.html" }, { "source": "cve@mitre.org", "url": 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2JK57CEEXLQF7MGBCUX76DZHXML7LUSQ/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://docs.bestpractical.com/release-notes/rt/index.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/bestpractical/rt/commit/70749bb66cb13dd70bd53340c371038a5f3ca57c" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00019.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2JK57CEEXLQF7MGBCUX76DZHXML7LUSQ/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-203" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2015-03-09 14:59
Modified
2024-11-21 02:24
Severity ?
Summary
RT (aka Request Tracker) 3.8.8 through 4.x before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to obtain sensitive RSS feed URLs and ticket data via unspecified vectors.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*", "matchCriteriaId": "56BDB5A0-0839-4A20-A003-B8CD56F48171", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*", "matchCriteriaId": "253C303A-E577-4488-93E6-68A8DD942C38", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:bestpractical:request_tracker:3.8.8:*:*:*:*:*:*:*", "matchCriteriaId": "8CF6C94C-1D60-4E93-A832-2DCED50EC44D", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:3.8.9:*:*:*:*:*:*:*", "matchCriteriaId": "96D2D87E-2C68-44F7-B8C5-922452742A4B", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:3.8.10:*:*:*:*:*:*:*", "matchCriteriaId": "FDD49949-14EC-4023-8FC5-6BDC5EC64991", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:3.8.11:*:*:*:*:*:*:*", "matchCriteriaId": "8BF47625-80E7-4B73-8C93-8E022AC2703B", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:3.8.12:*:*:*:*:*:*:*", "matchCriteriaId": "C24F467B-2654-4ED4-B1C9-66BE6D263C72", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:3.8.13:*:*:*:*:*:*:*", "matchCriteriaId": "5947B639-9DA1-401A-A227-31A065B4C1A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:3.8.14:*:*:*:*:*:*:*", "matchCriteriaId": "E53B005E-8714-4E5D-B026-E22C7FA6DCEA", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:3.8.15:*:*:*:*:*:*:*", "matchCriteriaId": "D8B688DE-4F85-4E2C-AC11-03B7AEE52389", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:3.8.16:*:*:*:*:*:*:*", "matchCriteriaId": "47951328-8CC4-4BD9-ACB7-5D3543305455", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:bestpractical:request_tracker:3.8.17:*:*:*:*:*:*:*", "matchCriteriaId": "6B2A1A08-7109-4411-B632-72C43E29271F", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "44234832-170D-43E0-9643-19CE57378721", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "38CFCCD6-6C5D-41CD-B7FB-D925A46E615C", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "814172FB-6F34-4356-8105-70AEBE0B6F6B", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "D282AC9F-E087-4D8D-B467-1D9480B3ABDA", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "42F21EB3-8CE6-4F87-A5DE-A01AA32B943F", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "5EDB4AD7-96B5-4D72-8C51-23D744D10C46", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "0096B700-17B5-4158-A736-ECFDF9E9935B", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "A0AF4515-6DB1-406A-878C-6DB32D021BA0", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "54781FF6-D6DC-40A0-BE84-4D0FA3321280", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "B8555184-9645-4A86-A342-DB2716FA4502", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "DBB4167E-E120-49E5-B41C-2ED61CEB3CB9", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.11:*:*:*:*:*:*:*", "matchCriteriaId": 
"A908C589-C929-4DDB-AA04-428604BD13B7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "B97DF0A9-2C43-41FF-B0A0-D57E4D9F5451", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "73AE7380-BD83-4CBD-B800-4ED1C9F2114B", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "A90AB565-C945-480C-A159-F0D157920C1B", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.15:*:*:*:*:*:*:*", "matchCriteriaId": "AC4316AA-3412-4CE8-9757-B5A9875E5113", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.16:*:*:*:*:*:*:*", "matchCriteriaId": "048340BE-7179-4DCD-9A7A-B0C91C384E3B", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.17:*:*:*:*:*:*:*", "matchCriteriaId": "1DB14ADD-F24C-4122-9EDE-FCB0E7E53065", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.18:*:*:*:*:*:*:*", "matchCriteriaId": "725F177A-347F-46FB-88BE-3EE8CD340A0A", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.19:*:*:*:*:*:*:*", "matchCriteriaId": "711FB4EF-6E49-408B-A73D-5AF0E5281919", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.20:*:*:*:*:*:*:*", "matchCriteriaId": "D2E54887-C460-4778-B570-8A86B51A7DBB", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.21:*:*:*:*:*:*:*", "matchCriteriaId": "E19B8ABA-806D-404B-8303-A487D2276B19", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.22:*:*:*:*:*:*:*", "matchCriteriaId": "10368C1D-3D9C-4AC8-83B7-3C17F544F533", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "016A9A48-9F12-4842-862F-4A192DA0D924", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:bestpractical:request_tracker:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "0D148F2A-F6B1-432A-9743-35BC43E86B40", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "2445145B-A162-484D-ABDF-053C20FD7E96", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "15EE6E16-375A-42B0-AE3C-E1FB95E9F466", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "83BF8033-9E4D-4B8B-B9E4-E992FE848F4E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "6C68D322-E453-48D5-A5FB-39C744D90858", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "3881CA9B-5358-4808-9041-DE3E2FC8927F", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "A95CE3FD-5311-4644-8417-A74FF6B88458", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "E1DD1F04-3D0E-4210-8039-073B28ECCD85", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.2.9:*:*:*:*:*:*:*", "matchCriteriaId": "26235782-E3A1-4D71-9E82-87DAC822D79D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "RT (aka Request Tracker) 3.8.8 through 4.x before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to obtain sensitive RSS feed URLs and ticket data via unspecified vectors." }, { "lang": "es", "value": "RT (tambi\u00e9n conocido como Request Tracker) 3.8.8 hasta 4.x anterior a 4.0.23 y 4.2.x anterior a 4.2.10 permite a atacantes remotos obtener URLs de alimentaci\u00f3n RSS y datos de tickets sensibles a trav\u00e9s de vectores no especificados." 
} ], "id": "CVE-2015-1165", "lastModified": "2024-11-21T02:24:48.437", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2015-03-09T14:59:05.417", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://blog.bestpractical.com/2015/02/security-vulnerabilities-in-rt.html" }, { "source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154213.html" }, { "source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/154047.html" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2015/dsa-3176" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://blog.bestpractical.com/2015/02/security-vulnerabilities-in-rt.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154213.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/154047.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2015/dsa-3176" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-07-03 16:29
Modified
2024-11-21 03:28
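Severity
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
6.5 (Medium) - CVSS 2.0 AV:N/AC:L/Au:S/C:P/I:P/A:P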
Summary
The dashboard subscription interface in Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 might allow remote authenticated users with certain privileges to execute arbitrary code via a crafted saved search name.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.debian.org/security/2017/dsa-3882 | Third Party Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/99381 | Third Party Advisory, VDB Entry | |
cve@mitre.org | https://forum.bestpractical.com/t/security-vulnerabilities-in-rt-2017-06-15/32016 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2017/dsa-3882 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/99381 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://forum.bestpractical.com/t/security-vulnerabilities-in-rt-2017-06-15/32016 | Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "44234832-170D-43E0-9643-19CE57378721", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "38CFCCD6-6C5D-41CD-B7FB-D925A46E615C", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "814172FB-6F34-4356-8105-70AEBE0B6F6B", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "D282AC9F-E087-4D8D-B467-1D9480B3ABDA", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "42F21EB3-8CE6-4F87-A5DE-A01AA32B943F", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "5EDB4AD7-96B5-4D72-8C51-23D744D10C46", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "0096B700-17B5-4158-A736-ECFDF9E9935B", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "A0AF4515-6DB1-406A-878C-6DB32D021BA0", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "54781FF6-D6DC-40A0-BE84-4D0FA3321280", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "B8555184-9645-4A86-A342-DB2716FA4502", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "DBB4167E-E120-49E5-B41C-2ED61CEB3CB9", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "A908C589-C929-4DDB-AA04-428604BD13B7", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:bestpractical:request_tracker:4.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "B97DF0A9-2C43-41FF-B0A0-D57E4D9F5451", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "73AE7380-BD83-4CBD-B800-4ED1C9F2114B", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "A90AB565-C945-480C-A159-F0D157920C1B", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.15:*:*:*:*:*:*:*", "matchCriteriaId": "AC4316AA-3412-4CE8-9757-B5A9875E5113", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.16:*:*:*:*:*:*:*", "matchCriteriaId": "048340BE-7179-4DCD-9A7A-B0C91C384E3B", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.17:*:*:*:*:*:*:*", "matchCriteriaId": "1DB14ADD-F24C-4122-9EDE-FCB0E7E53065", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.18:*:*:*:*:*:*:*", "matchCriteriaId": "725F177A-347F-46FB-88BE-3EE8CD340A0A", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.19:*:*:*:*:*:*:*", "matchCriteriaId": "711FB4EF-6E49-408B-A73D-5AF0E5281919", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.20:*:*:*:*:*:*:*", "matchCriteriaId": "D2E54887-C460-4778-B570-8A86B51A7DBB", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.21:*:*:*:*:*:*:*", "matchCriteriaId": "E19B8ABA-806D-404B-8303-A487D2276B19", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.22:*:*:*:*:*:*:*", "matchCriteriaId": "10368C1D-3D9C-4AC8-83B7-3C17F544F533", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.23:*:*:*:*:*:*:*", "matchCriteriaId": "B4054F0C-ED26-4B96-AF48-7F012DFF6836", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.24:*:*:*:*:*:*:*", "matchCriteriaId": 
"3F262EE4-AF42-406C-9C56-4D0149954509", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "016A9A48-9F12-4842-862F-4A192DA0D924", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "0D148F2A-F6B1-432A-9743-35BC43E86B40", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "2445145B-A162-484D-ABDF-053C20FD7E96", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "15EE6E16-375A-42B0-AE3C-E1FB95E9F466", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "83BF8033-9E4D-4B8B-B9E4-E992FE848F4E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "6C68D322-E453-48D5-A5FB-39C744D90858", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "3881CA9B-5358-4808-9041-DE3E2FC8927F", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "A95CE3FD-5311-4644-8417-A74FF6B88458", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "E1DD1F04-3D0E-4210-8039-073B28ECCD85", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.2.9:*:*:*:*:*:*:*", "matchCriteriaId": "26235782-E3A1-4D71-9E82-87DAC822D79D", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.2.10:*:*:*:*:*:*:*", "matchCriteriaId": "944E381D-8133-40D8-AE36-DB200E1B2E94", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.2.11:*:*:*:*:*:*:*", "matchCriteriaId": "4A6DAD64-37C7-4446-89EF-2F0B06C10050", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:bestpractical:request_tracker:4.2.12:*:*:*:*:*:*:*", "matchCriteriaId": "54510C9E-1C10-4624-8915-1548AB858C76", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.2.13:*:*:*:*:*:*:*", "matchCriteriaId": "B5F2E28D-8798-4E1C-806C-5785E571E40A", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "C38CD098-4B4C-4942-98C3-381795ECFFD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "78B2EEBC-1695-42B9-85BA-581BA93125FB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The dashboard subscription interface in Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 might allow remote authenticated users with certain privileges to execute arbitrary code via a crafted saved search name." }, { "lang": "es", "value": "La interfaz de subscripci\u00f3n del dashboard en Request Tracker (RT) versi\u00f3n 4.x anterior a 4.0.25, versi\u00f3n 4.2.x anterior a 4.2.14 y versi\u00f3n 4.4.x anterior a 4.4.2, podr\u00eda permitir a los usuarios identificados remotos con ciertos privilegios ejecutar c\u00f3digo arbitrario por medio de un nombre de b\u00fasqueda guardada especialmente dise\u00f1ado." 
} ], "id": "CVE-2017-5944", "lastModified": "2024-11-21T03:28:43.397", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-07-03T16:29:00.543", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2017/dsa-3882" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/99381" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://forum.bestpractical.com/t/security-vulnerabilities-in-rt-2017-06-15/32016" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2017/dsa-3882" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/99381" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": 
"https://forum.bestpractical.com/t/security-vulnerabilities-in-rt-2017-06-15/32016" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-07-14 12:15
Modified
2024-11-21 06:53
Severity
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Best Practical Request Tracker (RT) before 4.4.6 and 5.x before 5.0.3 allows XSS via a crafted content type for an attachment.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://docs.bestpractical.com/release-notes/rt/4.4.6 | Patch, Release Notes, Vendor Advisory | |
cve@mitre.org | https://docs.bestpractical.com/release-notes/rt/5.0.3 | Patch, Release Notes, Vendor Advisory | |
cve@mitre.org | https://docs.bestpractical.com/release-notes/rt/index.html | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://docs.bestpractical.com/release-notes/rt/4.4.6 | Patch, Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://docs.bestpractical.com/release-notes/rt/5.0.3 | Patch, Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://docs.bestpractical.com/release-notes/rt/index.html | Release Notes, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
bestpractical | request_tracker | * (versions before 4.4.6) | |
bestpractical | request_tracker | * (versions from 5.0.0 up to, but not including, 5.0.3) |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:bestpractical:request_tracker:*:*:*:*:*:*:*:*", "matchCriteriaId": "4A1DBD1F-2252-4295-BABD-661FBDCB9E55", "versionEndExcluding": "4.4.6", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:*:*:*:*:*:*:*:*", "matchCriteriaId": "253BA797-BE23-4CE0-A08B-21D731F1D2F0", "versionEndExcluding": "5.0.3", "versionStartIncluding": "5.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Best Practical Request Tracker (RT) before 4.4.6 and 5.x before 5.0.3 allows XSS via a crafted content type for an attachment." }, { "lang": "es", "value": "Best Practical Request Tracker (RT) versiones anteriores a 4.4.6 y versiones 5.x anteriores a 5.0.3 permite un ataque de tipo XSS por medio de un tipo de contenido dise\u00f1ado para un adjunto" } ], "id": "CVE-2022-25802", "lastModified": "2024-11-21T06:53:01.680", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-07-14T12:15:11.507", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Release Notes", "Vendor Advisory" ], "url": "https://docs.bestpractical.com/release-notes/rt/4.4.6" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Release Notes", "Vendor Advisory" ], "url": "https://docs.bestpractical.com/release-notes/rt/5.0.3" }, { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://docs.bestpractical.com/release-notes/rt/index.html" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Release Notes", "Vendor Advisory" ], "url": "https://docs.bestpractical.com/release-notes/rt/4.4.6" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Release Notes", "Vendor Advisory" ], "url": "https://docs.bestpractical.com/release-notes/rt/5.0.3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://docs.bestpractical.com/release-notes/rt/index.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2015-03-09 14:59
Modified
2024-11-21 02:25
Severity
6.4 (Medium) - CVSS 2.0 AV:N/AC:L/Au:N/C:P/I:P/A:N
Summary
RT (aka Request Tracker) before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to hijack sessions via an RSS feed URL.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
fedoraproject | fedora | 21 | |
fedoraproject | fedora | 22 | |
bestpractical | request_tracker | * (versions up to and including 4.0.22) | |
bestpractical | request_tracker | 4.2.0 | |
bestpractical | request_tracker | 4.2.1 | |
bestpractical | request_tracker | 4.2.2 | |
bestpractical | request_tracker | 4.2.3 | |
bestpractical | request_tracker | 4.2.4 | |
bestpractical | request_tracker | 4.2.5 | |
bestpractical | request_tracker | 4.2.6 | |
bestpractical | request_tracker | 4.2.7 | |
bestpractical | request_tracker | 4.2.8 | |
bestpractical | request_tracker | 4.2.9 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*", "matchCriteriaId": "56BDB5A0-0839-4A20-A003-B8CD56F48171", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*", "matchCriteriaId": "253C303A-E577-4488-93E6-68A8DD942C38", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:bestpractical:request_tracker:*:*:*:*:*:*:*:*", "matchCriteriaId": "7FDDD86F-98D0-49D7-8467-AAF9842F771D", "versionEndIncluding": "4.0.22", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "016A9A48-9F12-4842-862F-4A192DA0D924", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "0D148F2A-F6B1-432A-9743-35BC43E86B40", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "2445145B-A162-484D-ABDF-053C20FD7E96", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "15EE6E16-375A-42B0-AE3C-E1FB95E9F466", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "83BF8033-9E4D-4B8B-B9E4-E992FE848F4E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "6C68D322-E453-48D5-A5FB-39C744D90858", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "3881CA9B-5358-4808-9041-DE3E2FC8927F", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "A95CE3FD-5311-4644-8417-A74FF6B88458", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.2.8:*:*:*:*:*:*:*", "matchCriteriaId": 
"E1DD1F04-3D0E-4210-8039-073B28ECCD85", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.2.9:*:*:*:*:*:*:*", "matchCriteriaId": "26235782-E3A1-4D71-9E82-87DAC822D79D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "RT (aka Request Tracker) before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to hijack sessions via an RSS feed URL." }, { "lang": "es", "value": "RT (tambi\u00e9n conocido como Request Tracker) anterior a 4.0.23 y 4.2.x anterior a 4.2.10 permite a atacantes remotos secuestrar sesiones a trav\u00e9s de una URL de alimentaci\u00f3n RSS." } ], "id": "CVE-2015-1464", "lastModified": "2024-11-21T02:25:29.127", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2015-03-09T14:59:06.450", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://blog.bestpractical.com/2015/02/security-vulnerabilities-in-rt.html" }, { "source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154213.html" }, { "source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/154047.html" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2015/dsa-3176" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": 
"http://blog.bestpractical.com/2015/02/security-vulnerabilities-in-rt.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154213.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/154047.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2015/dsa-3176" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-284" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-11-03 05:15
Modified
2024-11-21 08:26
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Best Practical Request Tracker (RT) 5 before 5.0.5 allows Information Disclosure via a transaction search in the transaction query builder.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
bestpractical | request_tracker | * (versions from 5.0.0 up to, but not including, 5.0.5) |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:bestpractical:request_tracker:*:*:*:*:*:*:*:*", "matchCriteriaId": "BAE81C97-B149-415E-B44E-4ACB3669809C", "versionEndExcluding": "5.0.5", "versionStartIncluding": "5.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Best Practical Request Tracker (RT) 5 before 5.0.5 allows Information Disclosure via a transaction search in the transaction query builder." }, { "lang": "es", "value": "Best Practical Request Tracker (RT) 5 anterior a 5.0.5 permite la divulgaci\u00f3n de informaci\u00f3n a trav\u00e9s de una b\u00fasqueda de transacciones en el generador de consultas de transacciones." } ], "id": "CVE-2023-45024", "lastModified": "2024-11-21T08:26:14.663", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }, "published": "2023-11-03T05:15:30.687", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Release Notes" ], "url": "https://docs.bestpractical.com/release-notes/rt/5.0.5" }, { 
"source": "cve@mitre.org", "tags": [ "Release Notes" ], "url": "https://docs.bestpractical.com/release-notes/rt/index.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Release Notes" ], "url": "https://docs.bestpractical.com/release-notes/rt/5.0.5" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes" ], "url": "https://docs.bestpractical.com/release-notes/rt/index.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Published
2023-11-03 05:15
Modified
2024-11-21 08:20
Severity
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Exposure in responses to mail-gateway REST API calls.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://docs.bestpractical.com/release-notes/rt/4.4.7 | Release Notes, Vendor Advisory | |
cve@mitre.org | https://docs.bestpractical.com/release-notes/rt/5.0.5 | Release Notes, Vendor Advisory | |
cve@mitre.org | https://docs.bestpractical.com/release-notes/rt/index.html | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://docs.bestpractical.com/release-notes/rt/4.4.7 | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://docs.bestpractical.com/release-notes/rt/5.0.5 | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://docs.bestpractical.com/release-notes/rt/index.html | Release Notes, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
bestpractical | request_tracker | * (versions before 4.4.7) | |
bestpractical | request_tracker | * (versions from 5.0.0 up to, but not including, 5.0.5) |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:bestpractical:request_tracker:*:*:*:*:*:*:*:*", "matchCriteriaId": "5782F7D4-E17A-4BB3-8AEB-02CEAA4A5DEF", "versionEndExcluding": "4.4.7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:*:*:*:*:*:*:*:*", "matchCriteriaId": "BAE81C97-B149-415E-B44E-4ACB3669809C", "versionEndExcluding": "5.0.5", "versionStartIncluding": "5.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Exposure in responses to mail-gateway REST API calls." }, { "lang": "es", "value": "Best Practical Request Tracker (RT) anterior a 4.4.7 y 5.x anterior a 5.0.5 permite la exposici\u00f3n de informaci\u00f3n en respuestas a llamadas API REST de puerta de enlace de correo." } ], "id": "CVE-2023-41260", "lastModified": "2024-11-21T08:20:56.120", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-11-03T05:15:29.537", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://docs.bestpractical.com/release-notes/rt/4.4.7" }, { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://docs.bestpractical.com/release-notes/rt/5.0.5" }, { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://docs.bestpractical.com/release-notes/rt/index.html" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://docs.bestpractical.com/release-notes/rt/4.4.7" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://docs.bestpractical.com/release-notes/rt/5.0.5" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://docs.bestpractical.com/release-notes/rt/index.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Published
2017-07-03 16:29
Modified
2024-11-21 03:28
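Severity: 8.8 HIGH (CVSS 3.0, CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H); 6.8 MEDIUM (CVSS 2.0, AV:N/AC:M/Au:N/C:P/I:P/A:P) — NVD primary scores taken from the record below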
Summary
Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 allows remote attackers to obtain sensitive information about cross-site request forgery (CSRF) verification tokens via a crafted URL.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.debian.org/security/2017/dsa-3882 | Third Party Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/99384 | Third Party Advisory, VDB Entry | |
cve@mitre.org | https://forum.bestpractical.com/t/security-vulnerabilities-in-rt-2017-06-15/32016 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2017/dsa-3882 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/99384 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://forum.bestpractical.com/t/security-vulnerabilities-in-rt-2017-06-15/32016 | Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "44234832-170D-43E0-9643-19CE57378721", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "38CFCCD6-6C5D-41CD-B7FB-D925A46E615C", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "814172FB-6F34-4356-8105-70AEBE0B6F6B", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "D282AC9F-E087-4D8D-B467-1D9480B3ABDA", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "42F21EB3-8CE6-4F87-A5DE-A01AA32B943F", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "5EDB4AD7-96B5-4D72-8C51-23D744D10C46", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "0096B700-17B5-4158-A736-ECFDF9E9935B", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "A0AF4515-6DB1-406A-878C-6DB32D021BA0", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "54781FF6-D6DC-40A0-BE84-4D0FA3321280", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "B8555184-9645-4A86-A342-DB2716FA4502", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "DBB4167E-E120-49E5-B41C-2ED61CEB3CB9", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "A908C589-C929-4DDB-AA04-428604BD13B7", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:bestpractical:request_tracker:4.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "B97DF0A9-2C43-41FF-B0A0-D57E4D9F5451", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "73AE7380-BD83-4CBD-B800-4ED1C9F2114B", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "A90AB565-C945-480C-A159-F0D157920C1B", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.15:*:*:*:*:*:*:*", "matchCriteriaId": "AC4316AA-3412-4CE8-9757-B5A9875E5113", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.16:*:*:*:*:*:*:*", "matchCriteriaId": "048340BE-7179-4DCD-9A7A-B0C91C384E3B", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.17:*:*:*:*:*:*:*", "matchCriteriaId": "1DB14ADD-F24C-4122-9EDE-FCB0E7E53065", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.18:*:*:*:*:*:*:*", "matchCriteriaId": "725F177A-347F-46FB-88BE-3EE8CD340A0A", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.19:*:*:*:*:*:*:*", "matchCriteriaId": "711FB4EF-6E49-408B-A73D-5AF0E5281919", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.20:*:*:*:*:*:*:*", "matchCriteriaId": "D2E54887-C460-4778-B570-8A86B51A7DBB", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.21:*:*:*:*:*:*:*", "matchCriteriaId": "E19B8ABA-806D-404B-8303-A487D2276B19", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.22:*:*:*:*:*:*:*", "matchCriteriaId": "10368C1D-3D9C-4AC8-83B7-3C17F544F533", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.23:*:*:*:*:*:*:*", "matchCriteriaId": "B4054F0C-ED26-4B96-AF48-7F012DFF6836", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.24:*:*:*:*:*:*:*", "matchCriteriaId": 
"3F262EE4-AF42-406C-9C56-4D0149954509", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "016A9A48-9F12-4842-862F-4A192DA0D924", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "0D148F2A-F6B1-432A-9743-35BC43E86B40", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "2445145B-A162-484D-ABDF-053C20FD7E96", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "15EE6E16-375A-42B0-AE3C-E1FB95E9F466", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "83BF8033-9E4D-4B8B-B9E4-E992FE848F4E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "6C68D322-E453-48D5-A5FB-39C744D90858", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "3881CA9B-5358-4808-9041-DE3E2FC8927F", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "A95CE3FD-5311-4644-8417-A74FF6B88458", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "E1DD1F04-3D0E-4210-8039-073B28ECCD85", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.2.9:*:*:*:*:*:*:*", "matchCriteriaId": "26235782-E3A1-4D71-9E82-87DAC822D79D", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.2.10:*:*:*:*:*:*:*", "matchCriteriaId": "944E381D-8133-40D8-AE36-DB200E1B2E94", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.2.11:*:*:*:*:*:*:*", "matchCriteriaId": "4A6DAD64-37C7-4446-89EF-2F0B06C10050", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:bestpractical:request_tracker:4.2.12:*:*:*:*:*:*:*", "matchCriteriaId": "54510C9E-1C10-4624-8915-1548AB858C76", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.2.13:*:*:*:*:*:*:*", "matchCriteriaId": "B5F2E28D-8798-4E1C-806C-5785E571E40A", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "C38CD098-4B4C-4942-98C3-381795ECFFD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "78B2EEBC-1695-42B9-85BA-581BA93125FB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 allows remote attackers to obtain sensitive information about cross-site request forgery (CSRF) verification tokens via a crafted URL." }, { "lang": "es", "value": "Request Tracker (RT) versi\u00f3n 4.x anterior a 4.0.25, versi\u00f3n 4.2.x anterior a 4.2.14 y versi\u00f3n 4.4.x anterior a 4.4.2, permite a atacantes remotos obtener informaci\u00f3n confidencial sobre los tokens de verificaci\u00f3n de problemas de tipo cross-site request forgery (CSRF) por medio de una URL creada." 
} ], "id": "CVE-2017-5943", "lastModified": "2024-11-21T03:28:43.227", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-07-03T16:29:00.510", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2017/dsa-3882" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/99384" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://forum.bestpractical.com/t/security-vulnerabilities-in-rt-2017-06-15/32016" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2017/dsa-3882" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/99384" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": 
"https://forum.bestpractical.com/t/security-vulnerabilities-in-rt-2017-06-15/32016" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-07-03 16:29
Modified
2024-11-21 02:55
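Severity: 6.1 MEDIUM (CVSS 3.0, CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N); 4.3 MEDIUM (CVSS 2.0, AV:N/AC:M/Au:N/C:N/I:P/A:N) — NVD primary scores taken from the record below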
Summary
Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2, when the AlwaysDownloadAttachments config setting is not in use, allows remote attackers to inject arbitrary web script or HTML via a file upload with an unspecified content type.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.debian.org/security/2017/dsa-3882 | Third Party Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/99375 | Third Party Advisory, VDB Entry | |
cve@mitre.org | https://forum.bestpractical.com/t/security-vulnerabilities-in-rt-2017-06-15/32016 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2017/dsa-3882 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/99375 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://forum.bestpractical.com/t/security-vulnerabilities-in-rt-2017-06-15/32016 | Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "44234832-170D-43E0-9643-19CE57378721", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "38CFCCD6-6C5D-41CD-B7FB-D925A46E615C", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "814172FB-6F34-4356-8105-70AEBE0B6F6B", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "D282AC9F-E087-4D8D-B467-1D9480B3ABDA", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "42F21EB3-8CE6-4F87-A5DE-A01AA32B943F", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "5EDB4AD7-96B5-4D72-8C51-23D744D10C46", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "0096B700-17B5-4158-A736-ECFDF9E9935B", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "A0AF4515-6DB1-406A-878C-6DB32D021BA0", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "54781FF6-D6DC-40A0-BE84-4D0FA3321280", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "B8555184-9645-4A86-A342-DB2716FA4502", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "DBB4167E-E120-49E5-B41C-2ED61CEB3CB9", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "A908C589-C929-4DDB-AA04-428604BD13B7", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:bestpractical:request_tracker:4.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "B97DF0A9-2C43-41FF-B0A0-D57E4D9F5451", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "73AE7380-BD83-4CBD-B800-4ED1C9F2114B", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "A90AB565-C945-480C-A159-F0D157920C1B", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.15:*:*:*:*:*:*:*", "matchCriteriaId": "AC4316AA-3412-4CE8-9757-B5A9875E5113", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.16:*:*:*:*:*:*:*", "matchCriteriaId": "048340BE-7179-4DCD-9A7A-B0C91C384E3B", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.17:*:*:*:*:*:*:*", "matchCriteriaId": "1DB14ADD-F24C-4122-9EDE-FCB0E7E53065", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.18:*:*:*:*:*:*:*", "matchCriteriaId": "725F177A-347F-46FB-88BE-3EE8CD340A0A", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.19:*:*:*:*:*:*:*", "matchCriteriaId": "711FB4EF-6E49-408B-A73D-5AF0E5281919", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.20:*:*:*:*:*:*:*", "matchCriteriaId": "D2E54887-C460-4778-B570-8A86B51A7DBB", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.21:*:*:*:*:*:*:*", "matchCriteriaId": "E19B8ABA-806D-404B-8303-A487D2276B19", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.22:*:*:*:*:*:*:*", "matchCriteriaId": "10368C1D-3D9C-4AC8-83B7-3C17F544F533", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.23:*:*:*:*:*:*:*", "matchCriteriaId": "B4054F0C-ED26-4B96-AF48-7F012DFF6836", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.24:*:*:*:*:*:*:*", "matchCriteriaId": 
"3F262EE4-AF42-406C-9C56-4D0149954509", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "016A9A48-9F12-4842-862F-4A192DA0D924", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "0D148F2A-F6B1-432A-9743-35BC43E86B40", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "2445145B-A162-484D-ABDF-053C20FD7E96", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "15EE6E16-375A-42B0-AE3C-E1FB95E9F466", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "83BF8033-9E4D-4B8B-B9E4-E992FE848F4E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "6C68D322-E453-48D5-A5FB-39C744D90858", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "3881CA9B-5358-4808-9041-DE3E2FC8927F", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "A95CE3FD-5311-4644-8417-A74FF6B88458", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "E1DD1F04-3D0E-4210-8039-073B28ECCD85", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.2.9:*:*:*:*:*:*:*", "matchCriteriaId": "26235782-E3A1-4D71-9E82-87DAC822D79D", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.2.10:*:*:*:*:*:*:*", "matchCriteriaId": "944E381D-8133-40D8-AE36-DB200E1B2E94", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.2.11:*:*:*:*:*:*:*", "matchCriteriaId": "4A6DAD64-37C7-4446-89EF-2F0B06C10050", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:bestpractical:request_tracker:4.2.12:*:*:*:*:*:*:*", "matchCriteriaId": "54510C9E-1C10-4624-8915-1548AB858C76", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.2.13:*:*:*:*:*:*:*", "matchCriteriaId": "B5F2E28D-8798-4E1C-806C-5785E571E40A", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "C38CD098-4B4C-4942-98C3-381795ECFFD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "78B2EEBC-1695-42B9-85BA-581BA93125FB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2, when the AlwaysDownloadAttachments config setting is not in use, allows remote attackers to inject arbitrary web script or HTML via a file upload with an unspecified content type." }, { "lang": "es", "value": "Vulnerabilidad Cross-site Scripting (XSS) en Request Tracker (RT) 4.x anterior a 4.0.25, 4.2.x anterior 4.2.14 y 4.4.x anterior a la 4.4.2, cuando la configuraci\u00f3n AlwaysDownloadAttachments no esta en uso, permite a un atacante remoto inyectar un script aleatorio en la web o c\u00f3digo HTML mediante la subida de un archivo de contenido inespec\u00edfico." 
} ], "id": "CVE-2016-6127", "lastModified": "2024-11-21T02:55:30.260", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-07-03T16:29:00.417", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2017/dsa-3882" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/99375" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://forum.bestpractical.com/t/security-vulnerabilities-in-rt-2017-06-15/32016" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2017/dsa-3882" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/99375" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": 
"https://forum.bestpractical.com/t/security-vulnerabilities-in-rt-2017-06-15/32016" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-07-24 12:01
Modified
2024-11-21 01:46
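Severity: 4.3 MEDIUM (CVSS 2.0, AV:N/AC:M/Au:N/C:N/I:P/A:N) — NVD primary score taken from the record below; the record carries no CVSS 3.x score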
Summary
Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, does not ensure that the UI labels unencrypted messages as unencrypted, which might make it easier for remote attackers to spoof details of a message's origin or interfere with encryption-policy auditing via an e-mail message to a queue's address.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.html | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.html | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
bestpractical | request_tracker | 3.8.3 | |
bestpractical | request_tracker | 3.8.4 | |
bestpractical | request_tracker | 3.8.7 | |
bestpractical | request_tracker | 3.8.9 | |
bestpractical | request_tracker | 3.8.10 | |
bestpractical | request_tracker | 3.8.11 | |
bestpractical | request_tracker | 3.8.12 | |
bestpractical | request_tracker | 3.8.13 | |
bestpractical | request_tracker | 3.8.14 | |
bestpractical | request_tracker | 4.0.0 | |
bestpractical | request_tracker | 4.0.1 | |
bestpractical | request_tracker | 4.0.2 | |
bestpractical | request_tracker | 4.0.3 | |
bestpractical | request_tracker | 4.0.4 | |
bestpractical | request_tracker | 4.0.5 | |
bestpractical | request_tracker | 4.0.6 | |
bestpractical | request_tracker | 4.0.7 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:bestpractical:request_tracker:3.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "E751355A-5C27-47D5-A501-BE0033BB8E06", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:3.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "FB660C2B-9EAB-45E7-83D4-C61B71A70704", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:3.8.7:*:*:*:*:*:*:*", "matchCriteriaId": "6149929E-AC54-484C-9914-BE5B9011B6C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:3.8.9:*:*:*:*:*:*:*", "matchCriteriaId": "96D2D87E-2C68-44F7-B8C5-922452742A4B", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:3.8.10:*:*:*:*:*:*:*", "matchCriteriaId": "FDD49949-14EC-4023-8FC5-6BDC5EC64991", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:3.8.11:*:*:*:*:*:*:*", "matchCriteriaId": "8BF47625-80E7-4B73-8C93-8E022AC2703B", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:3.8.12:*:*:*:*:*:*:*", "matchCriteriaId": "C24F467B-2654-4ED4-B1C9-66BE6D263C72", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:3.8.13:*:*:*:*:*:*:*", "matchCriteriaId": "5947B639-9DA1-401A-A227-31A065B4C1A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:3.8.14:*:*:*:*:*:*:*", "matchCriteriaId": "E53B005E-8714-4E5D-B026-E22C7FA6DCEA", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "44234832-170D-43E0-9643-19CE57378721", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "38CFCCD6-6C5D-41CD-B7FB-D925A46E615C", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": 
"814172FB-6F34-4356-8105-70AEBE0B6F6B", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "D282AC9F-E087-4D8D-B467-1D9480B3ABDA", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "42F21EB3-8CE6-4F87-A5DE-A01AA32B943F", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "5EDB4AD7-96B5-4D72-8C51-23D744D10C46", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "0096B700-17B5-4158-A736-ECFDF9E9935B", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "A0AF4515-6DB1-406A-878C-6DB32D021BA0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, does not ensure that the UI labels unencrypted messages as unencrypted, which might make it easier for remote attackers to spoof details of a message\u0027s origin or interfere with encryption-policy auditing via an e-mail message to a queue\u0027s address." }, { "lang": "es", "value": "Best Practical Solutions RT 3.8.x anterior a 3.8.15 y 4.0.x anterior a 4.0.8, cuando GnuPG est\u00e1 activado, no se asegura que las etiquetas UI descifradas se encuentren en este estado, lo que podr\u00eda facilitar a atacantes remotos suplantar los detalles del origen del mensaje o interferir con la auditor\u00eda de pol\u00edtica de cifrado a trav\u00e9s de un mensaje hacia una cola de direcciones." 
} ], "id": "CVE-2012-6580", "lastModified": "2024-11-21T01:46:25.633", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-07-24T12:01:45.100", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-310" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-07-24 12:01
Modified
2024-11-21 01:46
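Severity: 4.3 MEDIUM (CVSS 2.0, AV:N/AC:M/Au:N/C:N/I:P/A:N) — NVD primary score taken from the record below; the record carries no CVSS 3.x score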
Summary
Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, allows remote attackers to bypass intended restrictions on reading keys in the product's keyring, and trigger outbound e-mail messages signed by an arbitrary stored secret key, by leveraging a UI e-mail signing privilege.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.html | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.html | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
bestpractical | request_tracker | 3.8.3 | |
bestpractical | request_tracker | 3.8.4 | |
bestpractical | request_tracker | 3.8.7 | |
bestpractical | request_tracker | 3.8.9 | |
bestpractical | request_tracker | 3.8.10 | |
bestpractical | request_tracker | 3.8.11 | |
bestpractical | request_tracker | 3.8.12 | |
bestpractical | request_tracker | 3.8.13 | |
bestpractical | request_tracker | 3.8.14 | |
bestpractical | request_tracker | 4.0.0 | |
bestpractical | request_tracker | 4.0.1 | |
bestpractical | request_tracker | 4.0.2 | |
bestpractical | request_tracker | 4.0.3 | |
bestpractical | request_tracker | 4.0.4 | |
bestpractical | request_tracker | 4.0.5 | |
bestpractical | request_tracker | 4.0.6 | |
bestpractical | request_tracker | 4.0.7 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:bestpractical:request_tracker:3.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "E751355A-5C27-47D5-A501-BE0033BB8E06", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:3.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "FB660C2B-9EAB-45E7-83D4-C61B71A70704", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:3.8.7:*:*:*:*:*:*:*", "matchCriteriaId": "6149929E-AC54-484C-9914-BE5B9011B6C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:3.8.9:*:*:*:*:*:*:*", "matchCriteriaId": "96D2D87E-2C68-44F7-B8C5-922452742A4B", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:3.8.10:*:*:*:*:*:*:*", "matchCriteriaId": "FDD49949-14EC-4023-8FC5-6BDC5EC64991", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:3.8.11:*:*:*:*:*:*:*", "matchCriteriaId": "8BF47625-80E7-4B73-8C93-8E022AC2703B", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:3.8.12:*:*:*:*:*:*:*", "matchCriteriaId": "C24F467B-2654-4ED4-B1C9-66BE6D263C72", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:3.8.13:*:*:*:*:*:*:*", "matchCriteriaId": "5947B639-9DA1-401A-A227-31A065B4C1A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:3.8.14:*:*:*:*:*:*:*", "matchCriteriaId": "E53B005E-8714-4E5D-B026-E22C7FA6DCEA", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "44234832-170D-43E0-9643-19CE57378721", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "38CFCCD6-6C5D-41CD-B7FB-D925A46E615C", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": 
"814172FB-6F34-4356-8105-70AEBE0B6F6B", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "D282AC9F-E087-4D8D-B467-1D9480B3ABDA", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "42F21EB3-8CE6-4F87-A5DE-A01AA32B943F", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "5EDB4AD7-96B5-4D72-8C51-23D744D10C46", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "0096B700-17B5-4158-A736-ECFDF9E9935B", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "A0AF4515-6DB1-406A-878C-6DB32D021BA0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, allows remote attackers to bypass intended restrictions on reading keys in the product\u0027s keyring, and trigger outbound e-mail messages signed by an arbitrary stored secret key, by leveraging a UI e-mail signing privilege." }, { "lang": "es", "value": "Best Practical Solutions RT 3.8.x anterior a 3.8.15 y 4.0.x anterior a 4.0.8, cuando GnuPG est\u00e1 activado, permite a atacantes remotos evitar las restricciones de acceso establecidas mediante la lectura del keyring del producto y provocar una salida de mensajes de correo a trav\u00e9s de una clave almacenada de su elecci\u00f3n, aprovechando los privilegios de firmado del UI e-mail." 
} ], "id": "CVE-2012-6581", "lastModified": "2024-11-21T01:46:25.780", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-07-24T12:01:45.107", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-05-10 21:55
Modified
2024-11-21 01:53
Severity ?
Summary
SQL injection vulnerability in Approvals/ in Request Tracker (RT) 4.0.10 and earlier allows remote attackers to execute arbitrary SQL commands via the ShowPending parameter. NOTE: the vendor disputes this issue, stating "We were unable to replicate it, and the individual that reported it retracted their report," and "we had verified that the claimed exploit did not function according to the author's claims."
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
bestpractical | request_tracker | * | |
bestpractical | request_tracker | 3.6.8 | |
bestpractical | request_tracker | 3.6.10 | |
bestpractical | request_tracker | 3.6.11 | |
bestpractical | request_tracker | 3.8.3 | |
bestpractical | request_tracker | 3.8.4 | |
bestpractical | request_tracker | 3.8.7 | |
bestpractical | request_tracker | 3.8.9 | |
bestpractical | request_tracker | 3.8.10 | |
bestpractical | request_tracker | 3.8.11 | |
bestpractical | request_tracker | 3.8.12 | |
bestpractical | request_tracker | 3.8.13 | |
bestpractical | request_tracker | 3.8.14 | |
bestpractical | request_tracker | 3.8.15 | |
bestpractical | request_tracker | 3.8.16 | |
bestpractical | request_tracker | 4.0.0 | |
bestpractical | request_tracker | 4.0.1 | |
bestpractical | request_tracker | 4.0.2 | |
bestpractical | request_tracker | 4.0.3 | |
bestpractical | request_tracker | 4.0.4 | |
bestpractical | request_tracker | 4.0.5 | |
bestpractical | request_tracker | 4.0.6 | |
bestpractical | request_tracker | 4.0.7 | |
bestpractical | request_tracker | 4.0.8 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:bestpractical:request_tracker:*:*:*:*:*:*:*:*", "matchCriteriaId": "EB1618AE-1526-4372-B05B-BC67D808AC47", "versionEndIncluding": "4.0.9", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:3.6.8:*:*:*:*:*:*:*", "matchCriteriaId": "0C56979C-C3BE-430D-AFFC-F9C89A907529", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:3.6.10:*:*:*:*:*:*:*", "matchCriteriaId": "9298A97B-D52F-4B1B-9A90-B102B9D22585", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:3.6.11:*:*:*:*:*:*:*", "matchCriteriaId": "47AA840F-9E00-4ABF-BFBC-5ABE88AA0B61", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:3.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "E751355A-5C27-47D5-A501-BE0033BB8E06", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:3.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "FB660C2B-9EAB-45E7-83D4-C61B71A70704", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:3.8.7:*:*:*:*:*:*:*", "matchCriteriaId": "6149929E-AC54-484C-9914-BE5B9011B6C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:3.8.9:*:*:*:*:*:*:*", "matchCriteriaId": "96D2D87E-2C68-44F7-B8C5-922452742A4B", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:3.8.10:*:*:*:*:*:*:*", "matchCriteriaId": "FDD49949-14EC-4023-8FC5-6BDC5EC64991", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:3.8.11:*:*:*:*:*:*:*", "matchCriteriaId": "8BF47625-80E7-4B73-8C93-8E022AC2703B", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:3.8.12:*:*:*:*:*:*:*", "matchCriteriaId": "C24F467B-2654-4ED4-B1C9-66BE6D263C72", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:3.8.13:*:*:*:*:*:*:*", "matchCriteriaId": "5947B639-9DA1-401A-A227-31A065B4C1A7", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:bestpractical:request_tracker:3.8.14:*:*:*:*:*:*:*", "matchCriteriaId": "E53B005E-8714-4E5D-B026-E22C7FA6DCEA", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:3.8.15:*:*:*:*:*:*:*", "matchCriteriaId": "D8B688DE-4F85-4E2C-AC11-03B7AEE52389", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:3.8.16:*:*:*:*:*:*:*", "matchCriteriaId": "47951328-8CC4-4BD9-ACB7-5D3543305455", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "44234832-170D-43E0-9643-19CE57378721", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "38CFCCD6-6C5D-41CD-B7FB-D925A46E615C", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "814172FB-6F34-4356-8105-70AEBE0B6F6B", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "D282AC9F-E087-4D8D-B467-1D9480B3ABDA", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "42F21EB3-8CE6-4F87-A5DE-A01AA32B943F", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "5EDB4AD7-96B5-4D72-8C51-23D744D10C46", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "0096B700-17B5-4158-A736-ECFDF9E9935B", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "A0AF4515-6DB1-406A-878C-6DB32D021BA0", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "54781FF6-D6DC-40A0-BE84-4D0FA3321280", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [ { "sourceIdentifier": "cve@mitre.org", "tags": [ 
"disputed" ] } ], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in Approvals/ in Request Tracker (RT) 4.0.10 and earlier allows remote attackers to execute arbitrary SQL commands via the ShowPending parameter. NOTE: the vendor disputes this issue, stating \"We were unable to replicate it, and the individual that reported it retracted their report,\" and \"we had verified that the claimed exploit did not function according to the author\u0027s claims." }, { "lang": "es", "value": "** DISPUTADA ** Vulnerabilidad de inyecci\u00f3n SQL en Approvals/ en Request Tracker (RT) 4.0.10 y anteriores permite a atacantes remotos ejecutar comandos SQL arbitrarios a trav\u00e9s del par\u00e1metro ShowPending. NOTA: el proveedor disputa este problema, diciendo que \u0027No somo capaces de reproducirlo, y el individuo que lo anuncio han retractado su informe,\u0027 y \u0027hab\u00edamos verificado que la explotaci\u00f3n afirmada no funcionaba seg\u00fan las afirmaciones del autor.\u0027" } ], "id": "CVE-2013-3525", "lastModified": "2024-11-21T01:53:49.030", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-05-10T21:55:02.430", "references": [ { "source": "cve@mitre.org", "url": "http://blog.bestpractical.com/2013/04/on-our-security-policies.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://cxsecurity.com/issue/WLB-2013040083" }, { "source": "cve@mitre.org", "url": "http://osvdb.org/92265" }, 
{ "source": "cve@mitre.org", "url": "http://packetstormsecurity.com/files/121245/RT-Request-Tracker-4.0.10-SQL-Injection.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/59022" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83375" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://blog.bestpractical.com/2013/04/on-our-security-policies.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://cxsecurity.com/issue/WLB-2013040083" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/92265" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://packetstormsecurity.com/files/121245/RT-Request-Tracker-4.0.10-SQL-Injection.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/59022" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83375" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-11-16 02:59
Modified
2024-11-21 01:54
Severity ?
Summary
The MobileUI (aka RT-Extension-MobileUI) extension before 1.04 in Request Tracker (RT) 4.0.0 before 4.0.13, when using the file-based session store (Apache::Session::File) and certain authentication extensions, allows remote attackers to reuse unauthorized sessions and obtain user preferences and caches via unspecified vectors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
bestpractical | request_tracker | 4.0.0 | |
bestpractical | request_tracker | 4.0.1 | |
bestpractical | request_tracker | 4.0.2 | |
bestpractical | request_tracker | 4.0.3 | |
bestpractical | request_tracker | 4.0.4 | |
bestpractical | request_tracker | 4.0.5 | |
bestpractical | request_tracker | 4.0.6 | |
bestpractical | request_tracker | 4.0.7 | |
bestpractical | request_tracker | 4.0.8 | |
bestpractical | request_tracker | 4.0.9 | |
bestpractical | request_tracker | 4.0.10 | |
bestpractical | request_tracker | 4.0.11 | |
bestpractical | request_tracker | 4.0.12 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "44234832-170D-43E0-9643-19CE57378721", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "38CFCCD6-6C5D-41CD-B7FB-D925A46E615C", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "814172FB-6F34-4356-8105-70AEBE0B6F6B", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "D282AC9F-E087-4D8D-B467-1D9480B3ABDA", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "42F21EB3-8CE6-4F87-A5DE-A01AA32B943F", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "5EDB4AD7-96B5-4D72-8C51-23D744D10C46", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "0096B700-17B5-4158-A736-ECFDF9E9935B", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "A0AF4515-6DB1-406A-878C-6DB32D021BA0", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "54781FF6-D6DC-40A0-BE84-4D0FA3321280", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "B8555184-9645-4A86-A342-DB2716FA4502", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "DBB4167E-E120-49E5-B41C-2ED61CEB3CB9", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "A908C589-C929-4DDB-AA04-428604BD13B7", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:bestpractical:request_tracker:4.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "B97DF0A9-2C43-41FF-B0A0-D57E4D9F5451", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The MobileUI (aka RT-Extension-MobileUI) extension before 1.04 in Request Tracker (RT) 4.0.0 before 4.0.13, when using the file-based session store (Apache::Session::File) and certain authentication extensions, allows remote attackers to reuse unauthorized sessions and obtain user preferences and caches via unspecified vectors." }, { "lang": "es", "value": "La extensi\u00f3n (tambi\u00e9n conocida como RT-Extension-MobileUI) anterior a 1.04 en Request Tracker (RT) 4.0.0 anterior a 4.0.13, cuando se utiliza el almacenamiento de sesi\u00f3n basado en archivos (Apache::Session::File) y ciertas extensiones de autenticaci\u00f3n, permite a atacantes remotos reutilizar sesiones que no est\u00e1n autorizadas y obtener las preferencias del usuario y memoria cach\u00e9 a trav\u00e9s de vectores no especificados." 
} ], "id": "CVE-2013-3737", "lastModified": "2024-11-21T01:54:12.303", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-11-16T02:59:01.793", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-June/000230.html" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/53799" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/94280" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-June/000230.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/53799" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/94280" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-03-21 16:00
Modified
2024-11-21 03:56
Severity ?
Summary
The email-ingestion feature in Best Practical Request Tracker 4.1.13 through 4.4 allows denial of service by remote attackers via an algorithmic complexity attack on email address parsing.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
bestpractical | request_tracker | * | |
fedoraproject | fedora | 28 | |
fedoraproject | fedora | 29 | |
canonical | ubuntu_linux | 16.04 | |
canonical | ubuntu_linux | 18.04 | |
debian | debian_linux | 8.0 | |
debian | debian_linux | 10.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:bestpractical:request_tracker:*:*:*:*:*:*:*:*", "matchCriteriaId": "C1CB3EE6-1C20-478B-956D-E490BC90FC50", "versionEndIncluding": "4.4.0", "versionStartIncluding": "4.1.13", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*", "matchCriteriaId": "DC1BD7B7-6D88-42B8-878E-F1318CA5FCAF", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "matchCriteriaId": "D100F7CE-FC64-4CC6-852A-6136D72DA419", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The email-ingestion feature in Best Practical Request Tracker 4.1.13 through 4.4 allows denial of service by remote attackers via an algorithmic complexity attack on email address parsing." 
}, { "lang": "es", "value": "La funcionalidad email-ingestion en Best Practical Request Tracker, desde la versi\u00f3n 4.1.3 hasta la 4.4 permite que los atacantes remotos provoquen una denegaci\u00f3n de servicio mediante un ataque de complejidad algor\u00edtmica en el an\u00e1lisis de direcciones de correo electr\u00f3nico." } ], "id": "CVE-2018-18898", "lastModified": "2024-11-21T03:56:50.830", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-03-21T16:00:29.873", "references": [ { "source": "cve@mitre.org", "tags": [ "Product", "Release Notes" ], "url": "https://bestpractical.com/download-page" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00009.html" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPJVDT77ZPRU5Z2BEMZM7EBY6WZHUATZ/" }, { "source": "cve@mitre.org", 
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YR46PPHBEM76DNN4DEQMAYIKLCO3TQU2/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4517-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product", "Release Notes" ], "url": "https://bestpractical.com/download-page" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00009.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPJVDT77ZPRU5Z2BEMZM7EBY6WZHUATZ/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YR46PPHBEM76DNN4DEQMAYIKLCO3TQU2/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4517-1/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-400" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-11-03 05:15
Modified
2024-11-21 08:20
Severity ?
Summary
Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Disclosure via fake or spoofed RT email headers in an email message or a mail-gateway REST API call.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://docs.bestpractical.com/release-notes/rt/4.4.7 | Release Notes, Vendor Advisory | |
cve@mitre.org | https://docs.bestpractical.com/release-notes/rt/5.0.5 | Release Notes, Vendor Advisory | |
cve@mitre.org | https://docs.bestpractical.com/release-notes/rt/index.html | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://docs.bestpractical.com/release-notes/rt/4.4.7 | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://docs.bestpractical.com/release-notes/rt/5.0.5 | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://docs.bestpractical.com/release-notes/rt/index.html | Release Notes, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
bestpractical | request_tracker | * | |
bestpractical | request_tracker | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:bestpractical:request_tracker:*:*:*:*:*:*:*:*", "matchCriteriaId": "5782F7D4-E17A-4BB3-8AEB-02CEAA4A5DEF", "versionEndExcluding": "4.4.7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:*:*:*:*:*:*:*:*", "matchCriteriaId": "BAE81C97-B149-415E-B44E-4ACB3669809C", "versionEndExcluding": "5.0.5", "versionStartIncluding": "5.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Disclosure via fake or spoofed RT email headers in an email message or a mail-gateway REST API call." }, { "lang": "es", "value": "Best Practical Request Tracker (RT) anterior a 4.4.7 y 5.x anterior a 5.0.5 permite la divulgaci\u00f3n de informaci\u00f3n a trav\u00e9s de encabezados de correo electr\u00f3nico RT falsos o falsificados en un mensaje de correo electr\u00f3nico o una llamada API REST de puerta de enlace de correo." 
} ], "id": "CVE-2023-41259", "lastModified": "2024-11-21T08:20:55.950", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-11-03T05:15:29.490", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://docs.bestpractical.com/release-notes/rt/4.4.7" }, { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://docs.bestpractical.com/release-notes/rt/5.0.5" }, { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://docs.bestpractical.com/release-notes/rt/index.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://docs.bestpractical.com/release-notes/rt/4.4.7" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://docs.bestpractical.com/release-notes/rt/5.0.5" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://docs.bestpractical.com/release-notes/rt/index.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Published
2015-03-09 14:59
Modified
2024-11-21 02:20
Severity ?
Summary
The email gateway in RT (aka Request Tracker) 3.0.0 through 4.x before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to cause a denial of service (CPU and disk consumption) via a crafted email.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*", "matchCriteriaId": "56BDB5A0-0839-4A20-A003-B8CD56F48171", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*", "matchCriteriaId": "253C303A-E577-4488-93E6-68A8DD942C38", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:bestpractical:request_tracker:3.6.8:*:*:*:*:*:*:*", "matchCriteriaId": "0C56979C-C3BE-430D-AFFC-F9C89A907529", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:3.6.10:*:*:*:*:*:*:*", "matchCriteriaId": "9298A97B-D52F-4B1B-9A90-B102B9D22585", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:3.6.11:*:*:*:*:*:*:*", "matchCriteriaId": "47AA840F-9E00-4ABF-BFBC-5ABE88AA0B61", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:3.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "E751355A-5C27-47D5-A501-BE0033BB8E06", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:3.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "FB660C2B-9EAB-45E7-83D4-C61B71A70704", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:3.8.7:*:*:*:*:*:*:*", "matchCriteriaId": "6149929E-AC54-484C-9914-BE5B9011B6C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:3.8.9:*:*:*:*:*:*:*", "matchCriteriaId": "96D2D87E-2C68-44F7-B8C5-922452742A4B", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:3.8.10:*:*:*:*:*:*:*", "matchCriteriaId": "FDD49949-14EC-4023-8FC5-6BDC5EC64991", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:3.8.11:*:*:*:*:*:*:*", "matchCriteriaId": 
"8BF47625-80E7-4B73-8C93-8E022AC2703B", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:3.8.12:*:*:*:*:*:*:*", "matchCriteriaId": "C24F467B-2654-4ED4-B1C9-66BE6D263C72", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:3.8.13:*:*:*:*:*:*:*", "matchCriteriaId": "5947B639-9DA1-401A-A227-31A065B4C1A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:3.8.14:*:*:*:*:*:*:*", "matchCriteriaId": "E53B005E-8714-4E5D-B026-E22C7FA6DCEA", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:3.8.15:*:*:*:*:*:*:*", "matchCriteriaId": "D8B688DE-4F85-4E2C-AC11-03B7AEE52389", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:3.8.16:*:*:*:*:*:*:*", "matchCriteriaId": "47951328-8CC4-4BD9-ACB7-5D3543305455", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:3.8.17:*:*:*:*:*:*:*", "matchCriteriaId": "6B2A1A08-7109-4411-B632-72C43E29271F", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "44234832-170D-43E0-9643-19CE57378721", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "38CFCCD6-6C5D-41CD-B7FB-D925A46E615C", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "814172FB-6F34-4356-8105-70AEBE0B6F6B", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "D282AC9F-E087-4D8D-B467-1D9480B3ABDA", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "42F21EB3-8CE6-4F87-A5DE-A01AA32B943F", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "5EDB4AD7-96B5-4D72-8C51-23D744D10C46", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:bestpractical:request_tracker:4.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "0096B700-17B5-4158-A736-ECFDF9E9935B", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "A0AF4515-6DB1-406A-878C-6DB32D021BA0", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "54781FF6-D6DC-40A0-BE84-4D0FA3321280", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "B8555184-9645-4A86-A342-DB2716FA4502", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "DBB4167E-E120-49E5-B41C-2ED61CEB3CB9", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "A908C589-C929-4DDB-AA04-428604BD13B7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "B97DF0A9-2C43-41FF-B0A0-D57E4D9F5451", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "73AE7380-BD83-4CBD-B800-4ED1C9F2114B", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "A90AB565-C945-480C-A159-F0D157920C1B", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.15:*:*:*:*:*:*:*", "matchCriteriaId": "AC4316AA-3412-4CE8-9757-B5A9875E5113", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.16:*:*:*:*:*:*:*", "matchCriteriaId": "048340BE-7179-4DCD-9A7A-B0C91C384E3B", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.17:*:*:*:*:*:*:*", "matchCriteriaId": "1DB14ADD-F24C-4122-9EDE-FCB0E7E53065", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.18:*:*:*:*:*:*:*", "matchCriteriaId": 
"725F177A-347F-46FB-88BE-3EE8CD340A0A", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.19:*:*:*:*:*:*:*", "matchCriteriaId": "711FB4EF-6E49-408B-A73D-5AF0E5281919", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.20:*:*:*:*:*:*:*", "matchCriteriaId": "D2E54887-C460-4778-B570-8A86B51A7DBB", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.21:*:*:*:*:*:*:*", "matchCriteriaId": "E19B8ABA-806D-404B-8303-A487D2276B19", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.22:*:*:*:*:*:*:*", "matchCriteriaId": "10368C1D-3D9C-4AC8-83B7-3C17F544F533", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "016A9A48-9F12-4842-862F-4A192DA0D924", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "0D148F2A-F6B1-432A-9743-35BC43E86B40", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "2445145B-A162-484D-ABDF-053C20FD7E96", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "15EE6E16-375A-42B0-AE3C-E1FB95E9F466", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "83BF8033-9E4D-4B8B-B9E4-E992FE848F4E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "6C68D322-E453-48D5-A5FB-39C744D90858", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "3881CA9B-5358-4808-9041-DE3E2FC8927F", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "A95CE3FD-5311-4644-8417-A74FF6B88458", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:bestpractical:request_tracker:4.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "E1DD1F04-3D0E-4210-8039-073B28ECCD85", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.2.9:*:*:*:*:*:*:*", "matchCriteriaId": "26235782-E3A1-4D71-9E82-87DAC822D79D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The email gateway in RT (aka Request Tracker) 3.0.0 through 4.x before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to cause a denial of service (CPU and disk consumption) via a crafted email." }, { "lang": "es", "value": "email gateway en RT (tambi\u00e9n conocido como Request Tracker) 3.0.0 hasta 4.x anterior a 4.0.23 y 4.2.x anterior a 4.2.10 permite a atacantes remotos causar una denegaci\u00f3n de servicio (consumo de CPU y disco) a trav\u00e9s de un email manipulado." } ], "id": "CVE-2014-9472", "lastModified": "2024-11-21T02:20:58.267", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2015-03-09T14:59:02.667", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://blog.bestpractical.com/2015/02/security-vulnerabilities-in-rt.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154213.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": 
"http://lists.fedoraproject.org/pipermail/package-announce/2015-March/154047.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2015/dsa-3176" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/72832" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://blog.bestpractical.com/2015/02/security-vulnerabilities-in-rt.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154213.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/154047.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2015/dsa-3176" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/72832" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-399" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-05-05 17:06
Modified
2024-11-21 01:54
Severity: MEDIUM (CVSS v2 base score 4.3, AV:N/AC:M/Au:N/C:N/I:P/A:N; NVD primary score)
Summary
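Cross-site scripting (XSS) vulnerability in the MobileUI (aka RT-Extension-MobileUI) extension before 1.04 in Request Tracker (RT) 4.0.0 before 4.0.13 allows remote attackers to inject arbitrary web script or HTML via the name of an attached file. Note: the CPE match data in this record covers rt-extension-mobileui only up to and including 1.02, so version matching driven by CPE alone will not flag a MobileUI release later than 1.02 but earlier than 1.04; compare installed versions against the 1.04 bound stated here.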
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
bestpractical | request_tracker | 4.0.0 | |
bestpractical | request_tracker | 4.0.1 | |
bestpractical | request_tracker | 4.0.2 | |
bestpractical | request_tracker | 4.0.3 | |
bestpractical | request_tracker | 4.0.4 | |
bestpractical | request_tracker | 4.0.5 | |
bestpractical | request_tracker | 4.0.6 | |
bestpractical | request_tracker | 4.0.7 | |
bestpractical | request_tracker | 4.0.8 | |
bestpractical | request_tracker | 4.0.9 | |
bestpractical | request_tracker | 4.0.10 | |
bestpractical | request_tracker | 4.0.11 | |
bestpractical | request_tracker | 4.0.12 | |
bestpractical | rt-extension-mobileui | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "44234832-170D-43E0-9643-19CE57378721", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "38CFCCD6-6C5D-41CD-B7FB-D925A46E615C", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "814172FB-6F34-4356-8105-70AEBE0B6F6B", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "D282AC9F-E087-4D8D-B467-1D9480B3ABDA", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "42F21EB3-8CE6-4F87-A5DE-A01AA32B943F", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "5EDB4AD7-96B5-4D72-8C51-23D744D10C46", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "0096B700-17B5-4158-A736-ECFDF9E9935B", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "A0AF4515-6DB1-406A-878C-6DB32D021BA0", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "54781FF6-D6DC-40A0-BE84-4D0FA3321280", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "B8555184-9645-4A86-A342-DB2716FA4502", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "DBB4167E-E120-49E5-B41C-2ED61CEB3CB9", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "A908C589-C929-4DDB-AA04-428604BD13B7", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:bestpractical:request_tracker:4.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "B97DF0A9-2C43-41FF-B0A0-D57E4D9F5451", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt-extension-mobileui:*:*:*:*:*:*:*:*", "matchCriteriaId": "16AF6F45-72CD-4CE2-BE1A-0FD0A405C8FA", "versionEndIncluding": "1.02", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the MobileUI (aka RT-Extension-MobileUI) extension before 1.04 in Request Tracker (RT) 4.0.0 before 4.0.13 allows remote attackers to inject arbitrary web script or HTML via the name of an attached file." }, { "lang": "es", "value": "Vulnerabilidad de XSS en la extensi\u00f3n MobileUI (tambi\u00e9n conocido como RT-Extension-MobileUI) anterior a 1.04 en Request Tracker (RT) 4.0.0 anterior a 4.0.13 permite a atacantes remotos inyectar script Web o HTML arbitrarios a trav\u00e9s del nombre de un archivo adjunto." } ], "id": "CVE-2013-3736", "lastModified": "2024-11-21T01:54:12.153", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2014-05-05T17:06:04.530", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-June/000230.html" }, { "source": "cve@mitre.org", "url": "http://osvdb.org/94281" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": 
"http://secunia.com/advisories/53799" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84963" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-June/000230.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/94281" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/53799" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84963" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-07-03 16:29
Modified
2024-11-21 03:27
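Severity: MEDIUM (CVSS v3.0 base score 5.9, CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N; CVSS v2 base score 4.3, AV:N/AC:M/Au:N/C:P/I:N/A:N)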
Summary
Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 does not use a constant-time comparison algorithm for secrets, which makes it easier for remote attackers to obtain sensitive user password information via a timing side-channel attack.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.debian.org/security/2017/dsa-3882 | Third Party Advisory | |
cve@mitre.org | http://www.debian.org/security/2017/dsa-3883 | Third Party Advisory | |
cve@mitre.org | https://forum.bestpractical.com/t/security-vulnerabilities-in-rt-2017-06-15/32016 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2017/dsa-3882 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2017/dsa-3883 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://forum.bestpractical.com/t/security-vulnerabilities-in-rt-2017-06-15/32016 | Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "44234832-170D-43E0-9643-19CE57378721", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "38CFCCD6-6C5D-41CD-B7FB-D925A46E615C", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "814172FB-6F34-4356-8105-70AEBE0B6F6B", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "D282AC9F-E087-4D8D-B467-1D9480B3ABDA", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "42F21EB3-8CE6-4F87-A5DE-A01AA32B943F", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "5EDB4AD7-96B5-4D72-8C51-23D744D10C46", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "0096B700-17B5-4158-A736-ECFDF9E9935B", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "A0AF4515-6DB1-406A-878C-6DB32D021BA0", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "54781FF6-D6DC-40A0-BE84-4D0FA3321280", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "B8555184-9645-4A86-A342-DB2716FA4502", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "DBB4167E-E120-49E5-B41C-2ED61CEB3CB9", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "A908C589-C929-4DDB-AA04-428604BD13B7", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:bestpractical:request_tracker:4.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "B97DF0A9-2C43-41FF-B0A0-D57E4D9F5451", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "73AE7380-BD83-4CBD-B800-4ED1C9F2114B", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "A90AB565-C945-480C-A159-F0D157920C1B", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.15:*:*:*:*:*:*:*", "matchCriteriaId": "AC4316AA-3412-4CE8-9757-B5A9875E5113", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.16:*:*:*:*:*:*:*", "matchCriteriaId": "048340BE-7179-4DCD-9A7A-B0C91C384E3B", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.17:*:*:*:*:*:*:*", "matchCriteriaId": "1DB14ADD-F24C-4122-9EDE-FCB0E7E53065", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.18:*:*:*:*:*:*:*", "matchCriteriaId": "725F177A-347F-46FB-88BE-3EE8CD340A0A", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.19:*:*:*:*:*:*:*", "matchCriteriaId": "711FB4EF-6E49-408B-A73D-5AF0E5281919", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.20:*:*:*:*:*:*:*", "matchCriteriaId": "D2E54887-C460-4778-B570-8A86B51A7DBB", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.21:*:*:*:*:*:*:*", "matchCriteriaId": "E19B8ABA-806D-404B-8303-A487D2276B19", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.22:*:*:*:*:*:*:*", "matchCriteriaId": "10368C1D-3D9C-4AC8-83B7-3C17F544F533", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.23:*:*:*:*:*:*:*", "matchCriteriaId": "B4054F0C-ED26-4B96-AF48-7F012DFF6836", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.24:*:*:*:*:*:*:*", "matchCriteriaId": 
"3F262EE4-AF42-406C-9C56-4D0149954509", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "016A9A48-9F12-4842-862F-4A192DA0D924", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "0D148F2A-F6B1-432A-9743-35BC43E86B40", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "2445145B-A162-484D-ABDF-053C20FD7E96", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "15EE6E16-375A-42B0-AE3C-E1FB95E9F466", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "83BF8033-9E4D-4B8B-B9E4-E992FE848F4E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "6C68D322-E453-48D5-A5FB-39C744D90858", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "3881CA9B-5358-4808-9041-DE3E2FC8927F", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "A95CE3FD-5311-4644-8417-A74FF6B88458", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "E1DD1F04-3D0E-4210-8039-073B28ECCD85", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.2.9:*:*:*:*:*:*:*", "matchCriteriaId": "26235782-E3A1-4D71-9E82-87DAC822D79D", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.2.10:*:*:*:*:*:*:*", "matchCriteriaId": "944E381D-8133-40D8-AE36-DB200E1B2E94", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.2.11:*:*:*:*:*:*:*", "matchCriteriaId": "4A6DAD64-37C7-4446-89EF-2F0B06C10050", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:bestpractical:request_tracker:4.2.12:*:*:*:*:*:*:*", "matchCriteriaId": "54510C9E-1C10-4624-8915-1548AB858C76", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.2.13:*:*:*:*:*:*:*", "matchCriteriaId": "B5F2E28D-8798-4E1C-806C-5785E571E40A", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "C38CD098-4B4C-4942-98C3-381795ECFFD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "78B2EEBC-1695-42B9-85BA-581BA93125FB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 does not use a constant-time comparison algorithm for secrets, which makes it easier for remote attackers to obtain sensitive user password information via a timing side-channel attack." }, { "lang": "es", "value": "Request Tracker (RT) versi\u00f3n 4.x anterior a 4.0.25, versi\u00f3n 4.2.x anterior a 4.2.14, y versi\u00f3n 4.4.x anterior a 4.4.2, no usa un algoritmo de comparaci\u00f3n de tiempo constante para secretos, lo que facilita a los atacantes remotos obtener informaci\u00f3n confidencial de contrase\u00f1a de usuario por medio de un ataque al canal lateral de sincronizaci\u00f3n." 
} ], "id": "CVE-2017-5361", "lastModified": "2024-11-21T03:27:27.297", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-07-03T16:29:00.480", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2017/dsa-3882" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2017/dsa-3883" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://forum.bestpractical.com/t/security-vulnerabilities-in-rt-2017-06-15/32016" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2017/dsa-3882" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2017/dsa-3883" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": 
"https://forum.bestpractical.com/t/security-vulnerabilities-in-rt-2017-06-15/32016" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
cve-2023-45024
Vulnerability from cvelistv5
Published
2023-11-03 00:00
Modified
2024-09-06 14:00
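Severity: HIGH (CVSS v3.1 base score 7.5, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N; scored in the CISA-ADP container, the CNA container carries no score)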
EPSS score ?
Summary
Best Practical Request Tracker (RT) 5 before 5.0.5 allows Information Disclosure via a transaction search in the transaction query builder.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T20:14:19.288Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://docs.bestpractical.com/release-notes/rt/index.html" }, { "tags": [ "x_transferred" ], "url": "https://docs.bestpractical.com/release-notes/rt/5.0.5" } ], "title": "CVE Program Container" }, { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2023-45024", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-06T14:00:24.225531Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-06T14:00:30.482Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Best Practical Request Tracker (RT) 5 before 5.0.5 allows Information Disclosure via a transaction search in the transaction query builder." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-03T04:19:31.617955", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://docs.bestpractical.com/release-notes/rt/index.html" }, { "url": "https://docs.bestpractical.com/release-notes/rt/5.0.5" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-45024", "datePublished": "2023-11-03T00:00:00", "dateReserved": "2023-10-03T00:00:00", "dateUpdated": "2024-09-06T14:00:30.482Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2015-5475
Vulnerability from cvelistv5
Published
2015-08-14 18:00
Modified
2024-08-06 06:50
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Request Tracker (RT) 4.x before 4.2.12 allow remote attackers to inject arbitrary web script or HTML via vectors related to the (1) user and (2) group rights management pages.
References
URL | Tags | |
---|---|---|
https://bestpractical.com/release-notes/rt/4.2.12 | x_refsource_CONFIRM | |
http://blog.bestpractical.com/2015/08/security-vulnerabilities-in-rt.html | x_refsource_CONFIRM | |
http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165124.html | vendor-advisory, x_refsource_FEDORA | |
http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164607.html | vendor-advisory, x_refsource_FEDORA | |
http://www.debian.org/security/2015/dsa-3335 | vendor-advisory, x_refsource_DEBIAN | |
http://www.securityfocus.com/bid/76364 | vdb-entry, x_refsource_BID | |
http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165163.html | vendor-advisory, x_refsource_FEDORA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T06:50:02.297Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bestpractical.com/release-notes/rt/4.2.12" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://blog.bestpractical.com/2015/08/security-vulnerabilities-in-rt.html" }, { "name": "FEDORA-2015-13718", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165124.html" }, { "name": "FEDORA-2015-13641", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164607.html" }, { "name": "DSA-3335", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2015/dsa-3335" }, { "name": "76364", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/76364" }, { "name": "FEDORA-2015-13664", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165163.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-08-12T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Request Tracker (RT) 4.x before 4.2.12 allow remote attackers to inject arbitrary web script or HTML via vectors related to the (1) user and (2) group rights management pages." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-20T16:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bestpractical.com/release-notes/rt/4.2.12" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://blog.bestpractical.com/2015/08/security-vulnerabilities-in-rt.html" }, { "name": "FEDORA-2015-13718", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165124.html" }, { "name": "FEDORA-2015-13641", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164607.html" }, { "name": "DSA-3335", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2015/dsa-3335" }, { "name": "76364", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/76364" }, { "name": "FEDORA-2015-13664", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165163.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-5475", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Request Tracker (RT) 4.x before 4.2.12 allow remote attackers to inject arbitrary web script or HTML via vectors related to the (1) user and (2) group rights management pages." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://bestpractical.com/release-notes/rt/4.2.12", "refsource": "CONFIRM", "url": "https://bestpractical.com/release-notes/rt/4.2.12" }, { "name": "http://blog.bestpractical.com/2015/08/security-vulnerabilities-in-rt.html", "refsource": "CONFIRM", "url": "http://blog.bestpractical.com/2015/08/security-vulnerabilities-in-rt.html" }, { "name": "FEDORA-2015-13718", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165124.html" }, { "name": "FEDORA-2015-13641", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164607.html" }, { "name": "DSA-3335", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2015/dsa-3335" }, { "name": "76364", "refsource": "BID", "url": "http://www.securityfocus.com/bid/76364" }, { "name": "FEDORA-2015-13664", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165163.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-5475", "datePublished": "2015-08-14T18:00:00", "dateReserved": "2015-07-10T00:00:00", "dateUpdated": "2024-08-06T06:50:02.297Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-6127
Vulnerability from cvelistv5
Published
2017-07-03 16:00
Modified
2024-08-06 01:22
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2, when the AlwaysDownloadAttachments config setting is not in use, allows remote attackers to inject arbitrary web script or HTML via a file upload with an unspecified content type.
References
URL | Tags | |
---|---|---|
https://forum.bestpractical.com/t/security-vulnerabilities-in-rt-2017-06-15/32016 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/99375 | vdb-entry, x_refsource_BID | |
http://www.debian.org/security/2017/dsa-3882 | vendor-advisory, x_refsource_DEBIAN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:22:20.049Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://forum.bestpractical.com/t/security-vulnerabilities-in-rt-2017-06-15/32016" }, { "name": "99375", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/99375" }, { "name": "DSA-3882", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2017/dsa-3882" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-06-15T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2, when the AlwaysDownloadAttachments config setting is not in use, allows remote attackers to inject arbitrary web script or HTML via a file upload with an unspecified content type." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-05T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://forum.bestpractical.com/t/security-vulnerabilities-in-rt-2017-06-15/32016" }, { "name": "99375", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/99375" }, { "name": "DSA-3882", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2017/dsa-3882" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-6127", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2, when the AlwaysDownloadAttachments config setting is not in use, allows remote attackers to inject arbitrary web script or HTML via a file upload with an unspecified content type." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://forum.bestpractical.com/t/security-vulnerabilities-in-rt-2017-06-15/32016", "refsource": "CONFIRM", "url": "https://forum.bestpractical.com/t/security-vulnerabilities-in-rt-2017-06-15/32016" }, { "name": "99375", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99375" }, { "name": "DSA-3882", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3882" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-6127", "datePublished": "2017-07-03T16:00:00", "dateReserved": "2016-06-29T00:00:00", "dateUpdated": "2024-08-06T01:22:20.049Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-18898
Vulnerability from cvelistv5
Published
2019-03-17 21:16
Modified
2024-08-05 11:23
Severity ?
EPSS score ?
Summary
The email-ingestion feature in Best Practical Request Tracker 4.1.13 through 4.4 allows denial of service by remote attackers via an algorithmic complexity attack on email address parsing.
References
URL | Tags | |
---|---|---|
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPJVDT77ZPRU5Z2BEMZM7EBY6WZHUATZ/ | vendor-advisory, x_refsource_FEDORA | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YR46PPHBEM76DNN4DEQMAYIKLCO3TQU2/ | vendor-advisory, x_refsource_FEDORA | |
https://bestpractical.com/download-page | x_refsource_CONFIRM | |
https://lists.debian.org/debian-lts-announce/2020/02/msg00009.html | mailing-list, x_refsource_MLIST | |
https://usn.ubuntu.com/4517-1/ | vendor-advisory, x_refsource_UBUNTU |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T11:23:08.241Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "FEDORA-2019-73cbc02e14", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPJVDT77ZPRU5Z2BEMZM7EBY6WZHUATZ/" }, { "name": "FEDORA-2019-ef5551fcff", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YR46PPHBEM76DNN4DEQMAYIKLCO3TQU2/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bestpractical.com/download-page" }, { "name": "[debian-lts-announce] 20200212 [SECURITY] [DLA 2101-1] libemail-address-list-perl security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00009.html" }, { "name": "USN-4517-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4517-1/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The email-ingestion feature in Best Practical Request Tracker 4.1.13 through 4.4 allows denial of service by remote attackers via an algorithmic complexity attack on email address parsing." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-09-22T14:06:11", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "FEDORA-2019-73cbc02e14", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPJVDT77ZPRU5Z2BEMZM7EBY6WZHUATZ/" }, { "name": "FEDORA-2019-ef5551fcff", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YR46PPHBEM76DNN4DEQMAYIKLCO3TQU2/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bestpractical.com/download-page" }, { "name": "[debian-lts-announce] 20200212 [SECURITY] [DLA 2101-1] libemail-address-list-perl security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00009.html" }, { "name": "USN-4517-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4517-1/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-18898", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The email-ingestion feature in Best Practical Request Tracker 4.1.13 through 4.4 allows denial of service by remote attackers via an algorithmic complexity attack on email address parsing." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "FEDORA-2019-73cbc02e14", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CPJVDT77ZPRU5Z2BEMZM7EBY6WZHUATZ/" }, { "name": "FEDORA-2019-ef5551fcff", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YR46PPHBEM76DNN4DEQMAYIKLCO3TQU2/" }, { "name": "https://bestpractical.com/download-page", "refsource": "CONFIRM", "url": "https://bestpractical.com/download-page" }, { "name": "[debian-lts-announce] 20200212 [SECURITY] [DLA 2101-1] libemail-address-list-perl security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00009.html" }, { "name": "USN-4517-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4517-1/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-18898", "datePublished": "2019-03-17T21:16:19", "dateReserved": "2018-11-02T00:00:00", "dateUpdated": "2024-08-05T11:23:08.241Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-38562
Vulnerability from cvelistv5
Published
2021-10-18 08:52
Modified
2024-08-04 01:44
Severity ?
EPSS score ?
Summary
Best Practical Request Tracker (RT) 4.2 before 4.2.17, 4.4 before 4.4.5, and 5.0 before 5.0.2 allows sensitive information disclosure via a timing attack against lib/RT/REST2/Middleware/Auth.pm.
References
URL | Tags | |
---|---|---|
https://docs.bestpractical.com/release-notes/rt/index.html | x_refsource_MISC | |
https://github.com/bestpractical/rt/commit/70749bb66cb13dd70bd53340c371038a5f3ca57c | x_refsource_CONFIRM | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2JK57CEEXLQF7MGBCUX76DZHXML7LUSQ/ | vendor-advisory, x_refsource_FEDORA | |
https://lists.debian.org/debian-lts-announce/2022/06/msg00019.html | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T01:44:23.611Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://docs.bestpractical.com/release-notes/rt/index.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/bestpractical/rt/commit/70749bb66cb13dd70bd53340c371038a5f3ca57c" }, { "name": "FEDORA-2021-825dd1879f", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2JK57CEEXLQF7MGBCUX76DZHXML7LUSQ/" }, { "name": "[debian-lts-announce] 20220623 [SECURITY] [DLA 3057-1] request-tracker4 security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00019.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Best Practical Request Tracker (RT) 4.2 before 4.2.17, 4.4 before 4.4.5, and 5.0 before 5.0.2 allows sensitive information disclosure via a timing attack against lib/RT/REST2/Middleware/Auth.pm." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-06-23T09:06:08", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://docs.bestpractical.com/release-notes/rt/index.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/bestpractical/rt/commit/70749bb66cb13dd70bd53340c371038a5f3ca57c" }, { "name": "FEDORA-2021-825dd1879f", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2JK57CEEXLQF7MGBCUX76DZHXML7LUSQ/" }, { "name": "[debian-lts-announce] 20220623 [SECURITY] [DLA 3057-1] request-tracker4 security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00019.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-38562", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Best Practical Request Tracker (RT) 4.2 before 4.2.17, 4.4 before 4.4.5, and 5.0 before 5.0.2 allows sensitive information disclosure via a timing attack against lib/RT/REST2/Middleware/Auth.pm." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://docs.bestpractical.com/release-notes/rt/index.html", "refsource": "MISC", "url": "https://docs.bestpractical.com/release-notes/rt/index.html" }, { "name": "https://github.com/bestpractical/rt/commit/70749bb66cb13dd70bd53340c371038a5f3ca57c", "refsource": "CONFIRM", "url": "https://github.com/bestpractical/rt/commit/70749bb66cb13dd70bd53340c371038a5f3ca57c" }, { "name": "FEDORA-2021-825dd1879f", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2JK57CEEXLQF7MGBCUX76DZHXML7LUSQ/" }, { "name": "[debian-lts-announce] 20220623 [SECURITY] [DLA 3057-1] request-tracker4 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00019.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-38562", "datePublished": "2021-10-18T08:52:58", "dateReserved": "2021-08-11T00:00:00", "dateUpdated": "2024-08-04T01:44:23.611Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-5944
Vulnerability from cvelistv5
Published
2017-07-03 16:00
Modified
2024-08-05 15:18
Severity ?
EPSS score ?
Summary
The dashboard subscription interface in Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 might allow remote authenticated users with certain privileges to execute arbitrary code via a crafted saved search name.
References
URL | Tags | |
---|---|---|
https://forum.bestpractical.com/t/security-vulnerabilities-in-rt-2017-06-15/32016 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/99381 | vdb-entry, x_refsource_BID | |
http://www.debian.org/security/2017/dsa-3882 | vendor-advisory, x_refsource_DEBIAN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T15:18:49.038Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://forum.bestpractical.com/t/security-vulnerabilities-in-rt-2017-06-15/32016" }, { "name": "99381", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/99381" }, { "name": "DSA-3882", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2017/dsa-3882" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-06-15T00:00:00", "descriptions": [ { "lang": "en", "value": "The dashboard subscription interface in Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 might allow remote authenticated users with certain privileges to execute arbitrary code via a crafted saved search name." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-05T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://forum.bestpractical.com/t/security-vulnerabilities-in-rt-2017-06-15/32016" }, { "name": "99381", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/99381" }, { "name": "DSA-3882", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2017/dsa-3882" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-5944", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The dashboard subscription interface in Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 might allow remote authenticated users with certain privileges to execute arbitrary code via a crafted saved search name." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://forum.bestpractical.com/t/security-vulnerabilities-in-rt-2017-06-15/32016", "refsource": "CONFIRM", "url": "https://forum.bestpractical.com/t/security-vulnerabilities-in-rt-2017-06-15/32016" }, { "name": "99381", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99381" }, { "name": "DSA-3882", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3882" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-5944", "datePublished": "2017-07-03T16:00:00", "dateReserved": "2017-02-09T00:00:00", "dateUpdated": "2024-08-05T15:18:49.038Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-6580
Vulnerability from cvelistv5
Published
2013-07-24 10:00
Modified
2024-09-17 02:11
Severity ?
EPSS score ?
Summary
Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, does not ensure that the UI labels unencrypted messages as unencrypted, which might make it easier for remote attackers to spoof details of a message's origin or interfere with encryption-policy auditing via an e-mail message to a queue's address.
References
URL | Tags | |
---|---|---|
http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.html | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T21:36:01.367Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[rt-announce] 20121025 Security vulnerabilities in RT", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, does not ensure that the UI labels unencrypted messages as unencrypted, which might make it easier for remote attackers to spoof details of a message\u0027s origin or interfere with encryption-policy auditing via an e-mail message to a queue\u0027s address." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-07-24T10:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "[rt-announce] 20121025 Security vulnerabilities in RT", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-6580", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, does not ensure that the UI 
labels unencrypted messages as unencrypted, which might make it easier for remote attackers to spoof details of a message\u0027s origin or interfere with encryption-policy auditing via an e-mail message to a queue\u0027s address." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[rt-announce] 20121025 Security vulnerabilities in RT", "refsource": "MLIST", "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-6580", "datePublished": "2013-07-24T10:00:00Z", "dateReserved": "2013-07-23T00:00:00Z", "dateUpdated": "2024-09-17T02:11:50.976Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-41259
Vulnerability from cvelistv5
Published
2023-11-03 00:00
Modified
2024-09-05 14:54
Severity ?
EPSS score ?
Summary
Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Disclosure via fake or spoofed RT email headers in an email message or a mail-gateway REST API call.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T18:54:04.667Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://docs.bestpractical.com/release-notes/rt/index.html" }, { "tags": [ "x_transferred" ], "url": "https://docs.bestpractical.com/release-notes/rt/5.0.5" }, { "tags": [ "x_transferred" ], "url": "https://docs.bestpractical.com/release-notes/rt/4.4.7" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:best_practical_solutions:request_tracker:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "request_tracker", "vendor": "best_practical_solutions", "versions": [ { "lessThan": "4.4.7", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThan": "5.0.5", "status": "affected", "version": "5x", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-41259", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-05T14:52:22.819347Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-05T14:54:06.765Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Disclosure via fake or spoofed RT email headers in an email message or a mail-gateway REST API call." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-03T04:14:28.149924", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://docs.bestpractical.com/release-notes/rt/index.html" }, { "url": "https://docs.bestpractical.com/release-notes/rt/5.0.5" }, { "url": "https://docs.bestpractical.com/release-notes/rt/4.4.7" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-41259", "datePublished": "2023-11-03T00:00:00", "dateReserved": "2023-08-25T00:00:00", "dateUpdated": "2024-09-05T14:54:06.765Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-25802
Vulnerability from cvelistv5
Published
2022-07-14 11:49
Modified
2024-08-03 04:49
Severity ?
EPSS score ?
Summary
Best Practical Request Tracker (RT) before 4.4.6 and 5.x before 5.0.3 allows XSS via a crafted content type for an attachment.
References
URL | Tags | |
---|---|---|
https://docs.bestpractical.com/release-notes/rt/index.html | x_refsource_MISC | |
https://docs.bestpractical.com/release-notes/rt/4.4.6 | x_refsource_CONFIRM | |
https://docs.bestpractical.com/release-notes/rt/5.0.3 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T04:49:43.460Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://docs.bestpractical.com/release-notes/rt/index.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://docs.bestpractical.com/release-notes/rt/4.4.6" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://docs.bestpractical.com/release-notes/rt/5.0.3" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Best Practical Request Tracker (RT) before 4.4.6 and 5.x before 5.0.3 allows XSS via a crafted content type for an attachment." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-07-14T11:49:40", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://docs.bestpractical.com/release-notes/rt/index.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://docs.bestpractical.com/release-notes/rt/4.4.6" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://docs.bestpractical.com/release-notes/rt/5.0.3" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-25802", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Best Practical Request Tracker (RT) before 4.4.6 and 5.x before 5.0.3 allows XSS via a crafted content 
type for an attachment." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://docs.bestpractical.com/release-notes/rt/index.html", "refsource": "MISC", "url": "https://docs.bestpractical.com/release-notes/rt/index.html" }, { "name": "https://docs.bestpractical.com/release-notes/rt/4.4.6", "refsource": "CONFIRM", "url": "https://docs.bestpractical.com/release-notes/rt/4.4.6" }, { "name": "https://docs.bestpractical.com/release-notes/rt/5.0.3", "refsource": "CONFIRM", "url": "https://docs.bestpractical.com/release-notes/rt/5.0.3" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-25802", "datePublished": "2022-07-14T11:49:40", "dateReserved": "2022-02-23T00:00:00", "dateUpdated": "2024-08-03T04:49:43.460Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-6578
Vulnerability from cvelistv5
Published
2013-07-24 10:00
Modified
2024-09-17 02:41
Severity ?
EPSS score ?
Summary
Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled with a "Sign by default" queue configuration, uses a queue's key for signing, which might allow remote attackers to spoof messages by leveraging the lack of authentication semantics.
References
URL | Tags | |
---|---|---|
http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.html | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T21:36:01.344Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[rt-announce] 20121025 Security vulnerabilities in RT", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled with a \"Sign by default\" queue configuration, uses a queue\u0027s key for signing, which might allow remote attackers to spoof messages by leveraging the lack of authentication semantics." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-07-24T10:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "[rt-announce] 20121025 Security vulnerabilities in RT", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-6578", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled with a \"Sign by default\" queue configuration, uses a queue\u0027s key for signing, which might 
allow remote attackers to spoof messages by leveraging the lack of authentication semantics." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[rt-announce] 20121025 Security vulnerabilities in RT", "refsource": "MLIST", "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-6578", "datePublished": "2013-07-24T10:00:00Z", "dateReserved": "2013-07-23T00:00:00Z", "dateUpdated": "2024-09-17T02:41:14.279Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2015-1464
Vulnerability from cvelistv5
Published
2015-03-09 14:00
Modified
2024-08-06 04:47
Severity ?
EPSS score ?
Summary
RT (aka Request Tracker) before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to hijack sessions via an RSS feed URL.
References
URL | Tags | |
---|---|---|
http://blog.bestpractical.com/2015/02/security-vulnerabilities-in-rt.html | x_refsource_CONFIRM | |
http://www.debian.org/security/2015/dsa-3176 | vendor-advisory, x_refsource_DEBIAN | |
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/154047.html | vendor-advisory, x_refsource_FEDORA | |
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154213.html | vendor-advisory, x_refsource_FEDORA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T04:47:16.215Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://blog.bestpractical.com/2015/02/security-vulnerabilities-in-rt.html" }, { "name": "DSA-3176", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2015/dsa-3176" }, { "name": "FEDORA-2015-4698", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/154047.html" }, { "name": "FEDORA-2015-4666", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154213.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-02-26T00:00:00", "descriptions": [ { "lang": "en", "value": "RT (aka Request Tracker) before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to hijack sessions via an RSS feed URL." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2015-04-08T17:57:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://blog.bestpractical.com/2015/02/security-vulnerabilities-in-rt.html" }, { "name": "DSA-3176", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2015/dsa-3176" }, { "name": "FEDORA-2015-4698", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/154047.html" }, { "name": "FEDORA-2015-4666", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154213.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-1464", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "RT (aka Request Tracker) before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to hijack sessions via an RSS feed URL." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://blog.bestpractical.com/2015/02/security-vulnerabilities-in-rt.html", "refsource": "CONFIRM", "url": "http://blog.bestpractical.com/2015/02/security-vulnerabilities-in-rt.html" }, { "name": "DSA-3176", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2015/dsa-3176" }, { "name": "FEDORA-2015-4698", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/154047.html" }, { "name": "FEDORA-2015-4666", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154213.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-1464", "datePublished": "2015-03-09T14:00:00", "dateReserved": "2015-02-03T00:00:00", "dateUpdated": "2024-08-06T04:47:16.215Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2015-6506
Vulnerability from cvelistv5
Published
2015-09-03 14:00
Modified
2024-08-06 07:22
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the cryptography interface in Request Tracker (RT) before 4.2.12 allows remote attackers to inject arbitrary web script or HTML via a crafted public key.
References
▼ | URL | Tags |
---|---|---|
https://bestpractical.com/release-notes/rt/4.2.12 | x_refsource_CONFIRM | |
http://blog.bestpractical.com/2015/08/security-vulnerabilities-in-rt.html | x_refsource_CONFIRM | |
http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165124.html | vendor-advisory, x_refsource_FEDORA | |
http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164607.html | vendor-advisory, x_refsource_FEDORA | |
http://www.debian.org/security/2015/dsa-3335 | vendor-advisory, x_refsource_DEBIAN | |
http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165163.html | vendor-advisory, x_refsource_FEDORA | |
https://github.com/bestpractical/rt/commit/36a461947b00b105336adb4997d | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T07:22:22.195Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bestpractical.com/release-notes/rt/4.2.12" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://blog.bestpractical.com/2015/08/security-vulnerabilities-in-rt.html" }, { "name": "FEDORA-2015-13718", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165124.html" }, { "name": "FEDORA-2015-13641", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164607.html" }, { "name": "DSA-3335", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2015/dsa-3335" }, { "name": "FEDORA-2015-13664", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165163.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/bestpractical/rt/commit/36a461947b00b105336adb4997d" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-08-12T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the cryptography interface in Request Tracker (RT) before 4.2.12 allows remote attackers to inject arbitrary web script or HTML via a crafted public key." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-20T16:57:01", "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bestpractical.com/release-notes/rt/4.2.12" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://blog.bestpractical.com/2015/08/security-vulnerabilities-in-rt.html" }, { "name": "FEDORA-2015-13718", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165124.html" }, { "name": "FEDORA-2015-13641", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164607.html" }, { "name": "DSA-3335", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2015/dsa-3335" }, { "name": "FEDORA-2015-13664", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165163.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/bestpractical/rt/commit/36a461947b00b105336adb4997d" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@debian.org", "ID": "CVE-2015-6506", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in the cryptography interface in Request Tracker (RT) before 4.2.12 allows remote attackers to inject arbitrary web script or HTML via a crafted public key." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://bestpractical.com/release-notes/rt/4.2.12", "refsource": "CONFIRM", "url": "https://bestpractical.com/release-notes/rt/4.2.12" }, { "name": "http://blog.bestpractical.com/2015/08/security-vulnerabilities-in-rt.html", "refsource": "CONFIRM", "url": "http://blog.bestpractical.com/2015/08/security-vulnerabilities-in-rt.html" }, { "name": "FEDORA-2015-13718", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165124.html" }, { "name": "FEDORA-2015-13641", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164607.html" }, { "name": "DSA-3335", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2015/dsa-3335" }, { "name": "FEDORA-2015-13664", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165163.html" }, { "name": "https://github.com/bestpractical/rt/commit/36a461947b00b105336adb4997d", "refsource": "CONFIRM", "url": "https://github.com/bestpractical/rt/commit/36a461947b00b105336adb4997d" } ] } } } }, "cveMetadata": { "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "assignerShortName": "debian", "cveId": "CVE-2015-6506", "datePublished": "2015-09-03T14:00:00", "dateReserved": "2015-08-18T00:00:00", "dateUpdated": "2024-08-06T07:22:22.195Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-5943
Vulnerability from cvelistv5
Published
2017-07-03 16:00
Modified
2024-08-05 15:18
Severity ?
EPSS score ?
Summary
Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 allows remote attackers to obtain sensitive information about cross-site request forgery (CSRF) verification tokens via a crafted URL.
References
▼ | URL | Tags |
---|---|---|
https://forum.bestpractical.com/t/security-vulnerabilities-in-rt-2017-06-15/32016 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/99384 | vdb-entry, x_refsource_BID | |
http://www.debian.org/security/2017/dsa-3882 | vendor-advisory, x_refsource_DEBIAN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T15:18:48.885Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://forum.bestpractical.com/t/security-vulnerabilities-in-rt-2017-06-15/32016" }, { "name": "99384", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/99384" }, { "name": "DSA-3882", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2017/dsa-3882" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-06-15T00:00:00", "descriptions": [ { "lang": "en", "value": "Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 allows remote attackers to obtain sensitive information about cross-site request forgery (CSRF) verification tokens via a crafted URL." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-05T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://forum.bestpractical.com/t/security-vulnerabilities-in-rt-2017-06-15/32016" }, { "name": "99384", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/99384" }, { "name": "DSA-3882", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2017/dsa-3882" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-5943", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 allows remote attackers to obtain sensitive information about cross-site request forgery (CSRF) verification tokens via a crafted URL." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://forum.bestpractical.com/t/security-vulnerabilities-in-rt-2017-06-15/32016", "refsource": "CONFIRM", "url": "https://forum.bestpractical.com/t/security-vulnerabilities-in-rt-2017-06-15/32016" }, { "name": "99384", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99384" }, { "name": "DSA-3882", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3882" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-5943", "datePublished": "2017-07-03T16:00:00", "dateReserved": "2017-02-09T00:00:00", "dateUpdated": "2024-08-05T15:18:48.885Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-41260
Vulnerability from cvelistv5
Published
2023-11-03 00:00
Modified
2024-09-05 14:51
Severity ?
EPSS score ?
Summary
Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Exposure in responses to mail-gateway REST API calls.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T18:54:04.947Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://docs.bestpractical.com/release-notes/rt/index.html" }, { "tags": [ "x_transferred" ], "url": "https://docs.bestpractical.com/release-notes/rt/5.0.5" }, { "tags": [ "x_transferred" ], "url": "https://docs.bestpractical.com/release-notes/rt/4.4.7" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:best_practical_solutions:request_tracker:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "request_tracker", "vendor": "best_practical_solutions", "versions": [ { "lessThan": "4.4.7", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThan": "5.0.5", "status": "affected", "version": "5x", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-41260", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-05T14:47:43.604407Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-05T14:51:22.702Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Exposure in responses to mail-gateway REST API calls." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-03T04:17:29.880900", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://docs.bestpractical.com/release-notes/rt/index.html" }, { "url": "https://docs.bestpractical.com/release-notes/rt/5.0.5" }, { "url": "https://docs.bestpractical.com/release-notes/rt/4.4.7" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-41260", "datePublished": "2023-11-03T00:00:00", "dateReserved": "2023-08-25T00:00:00", "dateUpdated": "2024-09-05T14:51:22.702Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-3525
Vulnerability from cvelistv5
Published
2013-05-10 21:00
Modified
2024-08-06 16:14
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in Approvals/ in Request Tracker (RT) 4.0.10 and earlier allows remote attackers to execute arbitrary SQL commands via the ShowPending parameter. NOTE: the vendor disputes this issue, stating "We were unable to replicate it, and the individual that reported it retracted their report," and "we had verified that the claimed exploit did not function according to the author's claims."
References
▼ | URL | Tags |
---|---|---|
http://cxsecurity.com/issue/WLB-2013040083 | x_refsource_MISC | |
http://osvdb.org/92265 | vdb-entry, x_refsource_OSVDB | |
http://blog.bestpractical.com/2013/04/on-our-security-policies.html | x_refsource_MISC | |
http://www.securityfocus.com/bid/59022 | vdb-entry, x_refsource_BID | |
http://packetstormsecurity.com/files/121245/RT-Request-Tracker-4.0.10-SQL-Injection.html | x_refsource_MISC | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/83375 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T16:14:56.220Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://cxsecurity.com/issue/WLB-2013040083" }, { "name": "92265", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/92265" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://blog.bestpractical.com/2013/04/on-our-security-policies.html" }, { "name": "59022", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/59022" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/121245/RT-Request-Tracker-4.0.10-SQL-Injection.html" }, { "name": "requesttracker-showpending-sql-injection(83375)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83375" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-04-11T00:00:00", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in Approvals/ in Request Tracker (RT) 4.0.10 and earlier allows remote attackers to execute arbitrary SQL commands via the ShowPending parameter. NOTE: the vendor disputes this issue, stating \"We were unable to replicate it, and the individual that reported it retracted their report,\" and \"we had verified that the claimed exploit did not function according to the author\u0027s claims." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://cxsecurity.com/issue/WLB-2013040083" }, { "name": "92265", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/92265" }, { "tags": [ "x_refsource_MISC" ], "url": "http://blog.bestpractical.com/2013/04/on-our-security-policies.html" }, { "name": "59022", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/59022" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/121245/RT-Request-Tracker-4.0.10-SQL-Injection.html" }, { "name": "requesttracker-showpending-sql-injection(83375)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83375" } ], "tags": [ "disputed" ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-3525", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "** DISPUTED ** SQL injection vulnerability in Approvals/ in Request Tracker (RT) 4.0.10 and earlier allows remote attackers to execute arbitrary SQL commands via the ShowPending parameter. 
NOTE: the vendor disputes this issue, stating \"We were unable to replicate it, and the individual that reported it retracted their report,\" and \"we had verified that the claimed exploit did not function according to the author\u0027s claims.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://cxsecurity.com/issue/WLB-2013040083", "refsource": "MISC", "url": "http://cxsecurity.com/issue/WLB-2013040083" }, { "name": "92265", "refsource": "OSVDB", "url": "http://osvdb.org/92265" }, { "name": "http://blog.bestpractical.com/2013/04/on-our-security-policies.html", "refsource": "MISC", "url": "http://blog.bestpractical.com/2013/04/on-our-security-policies.html" }, { "name": "59022", "refsource": "BID", "url": "http://www.securityfocus.com/bid/59022" }, { "name": "http://packetstormsecurity.com/files/121245/RT-Request-Tracker-4.0.10-SQL-Injection.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/121245/RT-Request-Tracker-4.0.10-SQL-Injection.html" }, { "name": "requesttracker-showpending-sql-injection(83375)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83375" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-3525", "datePublished": "2013-05-10T21:00:00", "dateReserved": "2013-05-10T00:00:00", "dateUpdated": "2024-08-06T16:14:56.220Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-25803
Vulnerability from cvelistv5
Published
2022-07-14 11:51
Modified
2024-08-03 04:49
Severity ?
EPSS score ?
Summary
Best Practical Request Tracker (RT) before 5.0.3 has an Open Redirect via a ticket search.
References
▼ | URL | Tags |
---|---|---|
https://docs.bestpractical.com/release-notes/rt/index.html | x_refsource_MISC | |
https://docs.bestpractical.com/release-notes/rt/5.0.3 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T04:49:43.287Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://docs.bestpractical.com/release-notes/rt/index.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://docs.bestpractical.com/release-notes/rt/5.0.3" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Best Practical Request Tracker (RT) before 5.0.3 has an Open Redirect via a ticket search." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-07-14T11:51:19", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://docs.bestpractical.com/release-notes/rt/index.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://docs.bestpractical.com/release-notes/rt/5.0.3" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-25803", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Best Practical Request Tracker (RT) before 5.0.3 has an Open Redirect via a ticket search." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://docs.bestpractical.com/release-notes/rt/index.html", "refsource": "MISC", "url": "https://docs.bestpractical.com/release-notes/rt/index.html" }, { "name": "https://docs.bestpractical.com/release-notes/rt/5.0.3", "refsource": "CONFIRM", "url": "https://docs.bestpractical.com/release-notes/rt/5.0.3" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-25803", "datePublished": "2022-07-14T11:51:19", "dateReserved": "2022-02-23T00:00:00", "dateUpdated": "2024-08-03T04:49:43.287Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-6581
Vulnerability from cvelistv5
Published
2013-07-24 10:00
Modified
2024-09-17 00:35
Severity ?
EPSS score ?
Summary
Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, allows remote attackers to bypass intended restrictions on reading keys in the product's keyring, and trigger outbound e-mail messages signed by an arbitrary stored secret key, by leveraging a UI e-mail signing privilege.
References
▼ | URL | Tags |
---|---|---|
http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.html | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T21:36:01.465Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[rt-announce] 20121025 Security vulnerabilities in RT", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, allows remote attackers to bypass intended restrictions on reading keys in the product\u0027s keyring, and trigger outbound e-mail messages signed by an arbitrary stored secret key, by leveraging a UI e-mail signing privilege." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-07-24T10:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "[rt-announce] 20121025 Security vulnerabilities in RT", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-6581", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, allows remote attackers to bypass intended restrictions on 
reading keys in the product\u0027s keyring, and trigger outbound e-mail messages signed by an arbitrary stored secret key, by leveraging a UI e-mail signing privilege." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[rt-announce] 20121025 Security vulnerabilities in RT", "refsource": "MLIST", "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-6581", "datePublished": "2013-07-24T10:00:00Z", "dateReserved": "2013-07-23T00:00:00Z", "dateUpdated": "2024-09-17T00:35:53.728Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-5361
Vulnerability from cvelistv5
Published
2017-07-03 16:00
Modified
2024-08-05 14:55
Severity ?
EPSS score ?
Summary
Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 does not use a constant-time comparison algorithm for secrets, which makes it easier for remote attackers to obtain sensitive user password information via a timing side-channel attack.
References
▼ | URL | Tags |
---|---|---|
http://www.debian.org/security/2017/dsa-3883 | vendor-advisory, x_refsource_DEBIAN | |
https://forum.bestpractical.com/t/security-vulnerabilities-in-rt-2017-06-15/32016 | x_refsource_CONFIRM | |
http://www.debian.org/security/2017/dsa-3882 | vendor-advisory, x_refsource_DEBIAN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T14:55:35.816Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "DSA-3883", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2017/dsa-3883" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://forum.bestpractical.com/t/security-vulnerabilities-in-rt-2017-06-15/32016" }, { "name": "DSA-3882", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2017/dsa-3882" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-06-15T00:00:00", "descriptions": [ { "lang": "en", "value": "Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 does not use a constant-time comparison algorithm for secrets, which makes it easier for remote attackers to obtain sensitive user password information via a timing side-channel attack." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-03T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "DSA-3883", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2017/dsa-3883" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://forum.bestpractical.com/t/security-vulnerabilities-in-rt-2017-06-15/32016" }, { "name": "DSA-3882", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2017/dsa-3882" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-5361", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 does not use a constant-time comparison algorithm for secrets, which makes it easier for remote attackers to obtain sensitive user password information via a timing side-channel attack." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "DSA-3883", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3883" }, { "name": "https://forum.bestpractical.com/t/security-vulnerabilities-in-rt-2017-06-15/32016", "refsource": "CONFIRM", "url": "https://forum.bestpractical.com/t/security-vulnerabilities-in-rt-2017-06-15/32016" }, { "name": "DSA-3882", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3882" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-5361", "datePublished": "2017-07-03T16:00:00", "dateReserved": "2017-01-13T00:00:00", "dateUpdated": "2024-08-05T14:55:35.816Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2015-1165
Vulnerability from cvelistv5
Published
2015-03-09 14:00
Modified
2024-08-06 04:33
Severity ?
EPSS score ?
Summary
RT (aka Request Tracker) 3.8.8 through 4.x before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to obtain sensitive RSS feed URLs and ticket data via unspecified vectors.
References
| URL | Tags |
|---|---|
| http://blog.bestpractical.com/2015/02/security-vulnerabilities-in-rt.html | x_refsource_CONFIRM |
| http://www.debian.org/security/2015/dsa-3176 | vendor-advisory, x_refsource_DEBIAN |
| http://lists.fedoraproject.org/pipermail/package-announce/2015-March/154047.html | vendor-advisory, x_refsource_FEDORA |
| http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154213.html | vendor-advisory, x_refsource_FEDORA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T04:33:20.747Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://blog.bestpractical.com/2015/02/security-vulnerabilities-in-rt.html" }, { "name": "DSA-3176", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2015/dsa-3176" }, { "name": "FEDORA-2015-4698", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/154047.html" }, { "name": "FEDORA-2015-4666", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154213.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-02-26T00:00:00", "descriptions": [ { "lang": "en", "value": "RT (aka Request Tracker) 3.8.8 through 4.x before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to obtain sensitive RSS feed URLs and ticket data via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2015-04-08T17:57:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://blog.bestpractical.com/2015/02/security-vulnerabilities-in-rt.html" }, { "name": "DSA-3176", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2015/dsa-3176" }, { "name": "FEDORA-2015-4698", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/154047.html" }, { "name": "FEDORA-2015-4666", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154213.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-1165", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "RT (aka Request Tracker) 3.8.8 through 4.x before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to obtain sensitive RSS feed URLs and ticket data via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://blog.bestpractical.com/2015/02/security-vulnerabilities-in-rt.html", "refsource": "CONFIRM", "url": "http://blog.bestpractical.com/2015/02/security-vulnerabilities-in-rt.html" }, { "name": "DSA-3176", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2015/dsa-3176" }, { "name": "FEDORA-2015-4698", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/154047.html" }, { "name": "FEDORA-2015-4666", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154213.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-1165", "datePublished": "2015-03-09T14:00:00", "dateReserved": "2015-01-17T00:00:00", "dateUpdated": "2024-08-06T04:33:20.747Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-6579
Vulnerability from cvelistv5
Published
2013-07-24 10:00
Modified
2024-09-17 04:05
Severity ?
EPSS score ?
Summary
Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, allows remote attackers to configure encryption or signing for certain outbound e-mail, and possibly cause a denial of service (loss of e-mail readability), via an e-mail message to a queue's address.
References
| URL | Tags |
|---|---|
| http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.html | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T21:36:01.410Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[rt-announce] 20121025 Security vulnerabilities in RT", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, allows remote attackers to configure encryption or signing for certain outbound e-mail, and possibly cause a denial of service (loss of e-mail readability), via an e-mail message to a queue\u0027s address." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-07-24T10:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "[rt-announce] 20121025 Security vulnerabilities in RT", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-6579", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, allows remote attackers to configure encryption or signing for certain outbound 
e-mail, and possibly cause a denial of service (loss of e-mail readability), via an e-mail message to a queue\u0027s address." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[rt-announce] 20121025 Security vulnerabilities in RT", "refsource": "MLIST", "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-6579", "datePublished": "2013-07-24T10:00:00Z", "dateReserved": "2013-07-23T00:00:00Z", "dateUpdated": "2024-09-17T04:05:16.109Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-3736
Vulnerability from cvelistv5
Published
2014-05-05 17:00
Modified
2024-08-06 16:22
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the MobileUI (aka RT-Extension-MobileUI) extension before 1.04 in Request Tracker (RT) 4.0.0 before 4.0.13 allows remote attackers to inject arbitrary web script or HTML via the name of an attached file.
References
| URL | Tags |
|---|---|
| http://lists.bestpractical.com/pipermail/rt-announce/2013-June/000230.html | mailing-list, x_refsource_MLIST |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/84963 | vdb-entry, x_refsource_XF |
| http://osvdb.org/94281 | vdb-entry, x_refsource_OSVDB |
| http://secunia.com/advisories/53799 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T16:22:00.241Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[rt-announce] 20130612 Security vulnerability in RT::Extension::MobileUI", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-June/000230.html" }, { "name": "rtextensionmobileui-cve20133736-xss(84963)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84963" }, { "name": "94281", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/94281" }, { "name": "53799", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/53799" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-06-12T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the MobileUI (aka RT-Extension-MobileUI) extension before 1.04 in Request Tracker (RT) 4.0.0 before 4.0.13 allows remote attackers to inject arbitrary web script or HTML via the name of an attached file." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "[rt-announce] 20130612 Security vulnerability in RT::Extension::MobileUI", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-June/000230.html" }, { "name": "rtextensionmobileui-cve20133736-xss(84963)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84963" }, { "name": "94281", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/94281" }, { "name": "53799", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/53799" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-3736", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in the MobileUI (aka RT-Extension-MobileUI) extension before 1.04 in Request Tracker (RT) 4.0.0 before 4.0.13 allows remote attackers to inject arbitrary web script or HTML via the name of an attached file." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[rt-announce] 20130612 Security vulnerability in RT::Extension::MobileUI", "refsource": "MLIST", "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-June/000230.html" }, { "name": "rtextensionmobileui-cve20133736-xss(84963)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84963" }, { "name": "94281", "refsource": "OSVDB", "url": "http://osvdb.org/94281" }, { "name": "53799", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/53799" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-3736", "datePublished": "2014-05-05T17:00:00", "dateReserved": "2013-05-31T00:00:00", "dateUpdated": "2024-08-06T16:22:00.241Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-9472
Vulnerability from cvelistv5
Published
2015-03-09 14:00
Modified
2024-08-06 13:47
Severity ?
EPSS score ?
Summary
The email gateway in RT (aka Request Tracker) 3.0.0 through 4.x before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to cause a denial of service (CPU and disk consumption) via a crafted email.
References
| URL | Tags |
|---|---|
| http://blog.bestpractical.com/2015/02/security-vulnerabilities-in-rt.html | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/72832 | vdb-entry, x_refsource_BID |
| http://www.debian.org/security/2015/dsa-3176 | vendor-advisory, x_refsource_DEBIAN |
| http://lists.fedoraproject.org/pipermail/package-announce/2015-March/154047.html | vendor-advisory, x_refsource_FEDORA |
| http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154213.html | vendor-advisory, x_refsource_FEDORA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T13:47:40.986Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://blog.bestpractical.com/2015/02/security-vulnerabilities-in-rt.html" }, { "name": "72832", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/72832" }, { "name": "DSA-3176", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2015/dsa-3176" }, { "name": "FEDORA-2015-4698", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/154047.html" }, { "name": "FEDORA-2015-4666", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154213.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-02-26T00:00:00", "descriptions": [ { "lang": "en", "value": "The email gateway in RT (aka Request Tracker) 3.0.0 through 4.x before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to cause a denial of service (CPU and disk consumption) via a crafted email." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2015-04-08T17:57:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://blog.bestpractical.com/2015/02/security-vulnerabilities-in-rt.html" }, { "name": "72832", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/72832" }, { "name": "DSA-3176", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2015/dsa-3176" }, { "name": "FEDORA-2015-4698", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/154047.html" }, { "name": "FEDORA-2015-4666", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154213.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-9472", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The email gateway in RT (aka Request Tracker) 3.0.0 through 4.x before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to cause a denial of service (CPU and disk consumption) via a crafted email." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://blog.bestpractical.com/2015/02/security-vulnerabilities-in-rt.html", "refsource": "CONFIRM", "url": "http://blog.bestpractical.com/2015/02/security-vulnerabilities-in-rt.html" }, { "name": "72832", "refsource": "BID", "url": "http://www.securityfocus.com/bid/72832" }, { "name": "DSA-3176", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2015/dsa-3176" }, { "name": "FEDORA-2015-4698", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/154047.html" }, { "name": "FEDORA-2015-4666", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154213.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-9472", "datePublished": "2015-03-09T14:00:00", "dateReserved": "2015-01-03T00:00:00", "dateUpdated": "2024-08-06T13:47:40.986Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-3737
Vulnerability from cvelistv5
Published
2014-11-16 02:00
Modified
2024-08-06 16:22
Severity ?
EPSS score ?
Summary
The MobileUI (aka RT-Extension-MobileUI) extension before 1.04 in Request Tracker (RT) 4.0.0 before 4.0.13, when using the file-based session store (Apache::Session::File) and certain authentication extensions, allows remote attackers to reuse unauthorized sessions and obtain user preferences and caches via unspecified vectors.
References
| URL | Tags |
|---|---|
| http://www.osvdb.org/94280 | vdb-entry, x_refsource_OSVDB |
| http://lists.bestpractical.com/pipermail/rt-announce/2013-June/000230.html | mailing-list, x_refsource_MLIST |
| http://secunia.com/advisories/53799 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T16:22:00.416Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "94280", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/94280" }, { "name": "[rt-announce] 20130612 Security vulnerability in RT::Extension::MobileUI", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-June/000230.html" }, { "name": "53799", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/53799" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-06-12T00:00:00", "descriptions": [ { "lang": "en", "value": "The MobileUI (aka RT-Extension-MobileUI) extension before 1.04 in Request Tracker (RT) 4.0.0 before 4.0.13, when using the file-based session store (Apache::Session::File) and certain authentication extensions, allows remote attackers to reuse unauthorized sessions and obtain user preferences and caches via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-11-16T01:57:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "94280", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/94280" }, { "name": "[rt-announce] 20130612 Security vulnerability in RT::Extension::MobileUI", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-June/000230.html" }, { "name": "53799", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/53799" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-3737", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The MobileUI (aka RT-Extension-MobileUI) extension before 1.04 in Request Tracker (RT) 4.0.0 before 4.0.13, when using the file-based session store (Apache::Session::File) and certain authentication extensions, allows remote attackers to reuse unauthorized sessions and obtain user preferences and caches via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "94280", "refsource": "OSVDB", "url": "http://www.osvdb.org/94280" }, { "name": "[rt-announce] 20130612 Security vulnerability in RT::Extension::MobileUI", "refsource": "MLIST", "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-June/000230.html" }, { "name": "53799", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/53799" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-3737", "datePublished": "2014-11-16T02:00:00", "dateReserved": "2013-05-31T00:00:00", "dateUpdated": "2024-08-06T16:22:00.416Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }