FreeBSD | E14B9870-62A4-11EE-897B-000BAB9F87F1
Oct 18, 2023 - 12:00 a.m.

Request Tracker -- multiple vulnerabilities

2023-10-18 00:00:00
vuxml.freebsd.org
Tags: request tracker, vulnerabilities, email headers, information leakage, rest interface, transaction searches, authenticated users, unix

CVSS3: 7.5

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS: 0.001
Percentile: 37.2%

Request Tracker reports:
CVE-2023-41259 SECURITY: RT is vulnerable to unvalidated email headers in incoming email and the mail-gateway REST interface.
CVE-2023-41260 SECURITY: RT is vulnerable to information leakage via response messages returned from requests sent via the mail-gateway REST interface.
CVE-2023-45024 SECURITY: RT 5.0 is vulnerable to information leakage via transaction searches made by authenticated users in the transaction query builder.

OS       OS Version  Architecture  Package  Package Version  Filename
FreeBSD  any         noarch        rt44     < 4.4.6          UNKNOWN
FreeBSD  any         noarch        rt50     < 5.0.4          UNKNOWN
