CVE-2024-3262

2024-04-0410:15:09

CWE-200

INCIBE

web.nvd.nist.gov

information exposure

rt software

version 4.4.1

local access

sensitive information

browser cache

session termination

nvd

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

Confidence

Low

EPSS

Percentile

9.0%

JSON

Information exposure vulnerability in RT software affecting version 4.4.1. This vulnerability allows an attacker with local access to the device to retrieve sensitive information about the application, such as vulnerability tickets, because the application stores the information in the browser cache, leading to information exposure despite session termination.

Affected configurations

Vulners

Node

best_practical_solutionsrequest_trackerRange≤4.4.1

VendorProductVersionCPE
best_practical_solutionsrequest_tracker*cpe:2.3:a:best_practical_solutions:request_tracker:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
best_practical_solutions	request_tracker	*	cpe:2.3:a:best_practical_solutions:request_tracker::::::::

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Request Tracker",
    "vendor": "Best Practical Solutions",
    "versions": [
      {
        "status": "affected",
        "version": "4.4.1"
      }
    ]
  }
]