EPSS
Percentile
28.1%
Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Disclosure via fake or spoofed RT email headers in an email message or a mail-gateway REST API call.
docs.bestpractical.com/release-notes/rt/4.4.7
docs.bestpractical.com/release-notes/rt/5.0.5
docs.bestpractical.com/release-notes/rt/index.html