DSA-5541-1 request-tracker5 -- request-tracker5
ID: oval:org.secpod.oval:def:95379 | Date: (C)2023-12-05 (M)2024-01-16 |
Class: PATCH | Family: unix |
Multiple vulnerabilities have been discovered in Request Tracker, an extensible trouble-ticket tracking system.
CVE-2023-41259: Tom Wolters reported that Request Tracker is vulnerable to accepting unvalidated RT email headers in incoming email and the mail-gateway REST interface.
CVE-2023-41260: Tom Wolters reported that Request Tracker is vulnerable to information leakage via response messages returned from requests sent via the mail-gateway REST interface.
CVE-2023-45024: It was reported that Request Tracker is vulnerable to information leakage via transaction searches made by authenticated users in the transaction query builder.
Product: |
rt5-fcgi |
rt5-clients |
rt5-db-postgresql |
rt5-db-sqlite |
rt5-apache2 |
rt5-doc-html |
rt5-standalone |
request-tracker5 |
rt5-db-mysql |