Bestpractical Request Tracker

27 matches found

CVE
added 2021/10/18 8:52 a.m. | 191 views

CVE-2021-38562

CVE-2021-38562 affects Best Practical Request Tracker (RT) prior to specific fixed releases. A timing-attack vulnerability in lib/RT/REST2/Middleware/Auth.pm can disclose sensitive information. Affected RT versions include 4.2.x before 4.2.17, 4.4.x before 4.4.5, and 5.0.x before 5.0.2. Public ad...

CVSS 7.5 | AI score 7 | EPSS 0.01707
CVE
added 2017/07/03 4:00 p.m. | 179 views

CVE-2017-5943

CVE-2017-5943 affects Request Tracker (RT) 4.x series. A remote attacker can obtain CSRF verification tokens by sending a crafted URL, enabling leakage of token data. Affected versions include RT 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2. CVSS appears high (8.8) with network ...

CVSS 8.8 | AI score 8.2 | EPSS 0.00835
CVE
added 2022/07/14 11:49 a.m. | 151 views

CVE-2022-25802

CVE-2022-25802 details: Best Practical Request Tracker (RT) is vulnerable to a cross-site scripting (XSS) flaw when displaying an attachment, exploitable via a crafted content type. Affected versions are RT 4.4.0–4.4.6 and RT 5.x prior to 5.0.3. Public sources indicate upstream fixes/patches have...

CVSS 6.1 | AI score 5.9 | EPSS 0.00604
CVE
added 2023/11/03 12:00 a.m. | 140 views

CVE-2023-41259

CVE-2023-41259 affects Best Practical Request Tracker (RT) prior to 4.4.7 and RT 5.x prior to 5.0.5, allowing Information Disclosure via fake or spoofed RT email headers in an email message or in the mail-gateway REST API call. The underlying issue is unvalidated email headers accepted by RT, ena...

CVSS 7.5 | AI score 7.1 | EPSS 0.00717
CVE
added 2023/11/03 12:00 a.m. | 126 views

CVE-2023-41260

CVE-2023-41260 affects Best Practical Request Tracker (RT) prior to 4.4.7 and RT 5.x prior to 5.0.5, enabling information exposure in responses to mail-gateway REST API calls. Public references indicate fixes in RT 4.4.7 and RT 5.0.5, with Debian LTS patching RT 4.4.3-2+deb10u3. No exploitation d...

CVSS 7.5 | AI score 7.2 | EPSS 0.00705
CVE
added 2019/03/17 9:16 p.m. | 120 views

CVE-2018-18898

CVE-2018-18898 affects Best Practical Request Tracker (RT) email-ingestion, with versions 4.1.13 through 4.4 vulnerable to a DoS via an algorithmic complexity attack on email address parsing. The issue arises in the parsing component responsible for handling incoming email addresses, enabling rem...

CVSS 7.5 | AI score 7.2 | EPSS 0.02356
CVE
added 2017/07/03 4:00 p.m. | 115 views

CVE-2017-5944

The CVE-2017-5944 issue affects Best Practical Solutions RT 4.x, specifically versions before 4.0.25 (4.0.x), before 4.2.14 (4.2.x), and before 4.4.2 (4.4.x). The vulnerability arises in the dashboard subscription interface where a remote authenticated user with certain privileges can trigger arb...

CVSS 8.8 | AI score 8.5 | EPSS 0.02784
CVE
added 2022/07/14 11:51 a.m. | 94 views

CVE-2022-25803

The CVE-2022-25803 entry concerns Best Practical Request Tracker (RT) before 5.0.3, which is vulnerable to an Open Redirect via a ticket search. Public references note the issue as part of RT’s release notes for 5.0.3, indicating an in-product redirect vulnerability rather than a broader exploita...

CVSS 6.1 | AI score 6.2 | EPSS 0.00445
CVE
added 2023/11/03 12:00 a.m. | 79 views

CVE-2023-45024

CVE-2023-45024 affects Best Practical Request Tracker (RT) 5.x, with information disclosure via a transaction search in the transaction query builder. The vulnerability is associated with RT versions before 5.0.5, as cited in multiple sources (NVD entry for CVE-2023-45024 and related advisories)....

CVSS 7.5 | AI score 7.1 | EPSS 0.00596
CVE
added 2017/07/03 4:00 p.m. | 76 views

CVE-2017-5361

CVE-2017-5361 affects Request Tracker (RT) 4.x prior to 4.0.25, 4.2.x prior to 4.2.14, and 4.4.x prior to 4.4.2. Root cause: RT did not use a constant-time comparison for secrets, enabling remote timing side-channel observations to leak sensitive password information. Impact: partial confidential...

CVSS 5.9 | AI score 6.6 | EPSS 0.01368
CVE
added 2015/03/09 2:00 p.m. | 71 views

CVE-2015-1464

CVE-2015-1464 concerns Request Tracker (RT) session hijacking via an RSS feed URL. The vulnerability affects RT where RSS feed URLs could be exploited to log in as the user who created the feed. Affected are RT 4.0.x before 4.0.23 and RT 4.2.x before 4.2.10. Public advisories (Fedora, Debian) ind...

CVSS 6.4 | AI score 8.4 | EPSS 0.01992
CVE
added 2025/05/28 12:00 a.m. | 69 views

CVE-2025-30087

Best Practical RT (Request Tracker) is affected by CVE-2025-30087: versions 4.4 through 4.4.7 and 5.0 through 5.0.7 are vulnerable to cross-site scripting (XSS) via crafted parameters in a search URL. The connected documents confirm this vulnerability as an RT issue and reference release notes su...

CVSS 7.2 | AI score 6.1 | EPSS 0.00258
CVE
added 2025/05/28 12:00 a.m. | 68 views

CVE-2025-31501

Best Practical RT (Request Tracker) 5.0–5.0.7 is affected by an XSS vulnerability via JavaScript injection in an RT permalink. The issue is documented across multiple feeds as CVE-2025-31501 with exposure to remote users, and the impact described is cross-site scripting with low confidentiality/i...

CVSS 7.2 | AI score 6.1 | EPSS 0.00202
CVE
added 2015/03/09 2:00 p.m. | 67 views

CVE-2014-9472

The CVE-2014-9472 issue affects Best Practical Solutions RT (Request Tracker) versions 3.0.0–4.x up to 4.0.23 and 4.2.x up to 4.2.10, where the email gateway can be exploited by a crafted email to trigger a remote denial-of-service (CPU and disk usage). Connected advisories indicate this vulnerab...

CVSS 7.1 | AI score 8 | EPSS 0.02825
CVE
added 2015/08/14 6:00 p.m. | 67 views

CVE-2015-5475

CVE-2015-5475 affects Request Tracker (RT) 4.x up to 4.2.12. It exploits cross-site scripting via the user and group rights management pages, enabling remote attackers to inject arbitrary web script/HTML. The vulnerability is documented in multiple sources (NVD, Mageia/other advisories). The stat...

CVSS 4.3 | AI score 7.5 | EPSS 0.02075
CVE
added 2025/05/28 12:00 a.m. | 66 views

CVE-2025-31500

CVE-2025-31500 affects Best Practical RT (Request Tracker) 5.0–5.0.7, enabling cross-site scripting via JavaScript injection in an Asset name. The connected documents confirm the vulnerability and reference the RT 5.0.8 release, suggesting upgrading to 5.0.8 as remediation. No explicit exploit de...

CVSS 7.2 | AI score 6.2 | EPSS 0.00202
CVE
added 2015/03/09 2:00 p.m. | 65 views

CVE-2015-1165

CVE-2015-1165 affects RT (Request Tracker) 3.8.8 through RT 4.x up to 4.0.23 and 4.2.x up to 4.2.10, enabling remote attackers to obtain sensitive RSS feed URLs and ticket data via unspecified vectors. The connected advisories/documents indicate multiple vendors released security updates to addre...

CVSS 5 | AI score 8.2 | EPSS 0.02118
CVE
added 2017/07/03 4:00 p.m. | 64 views

CVE-2016-6127

CVE-2016-6127: In RT 4.x, an XSS vulnerability exists via file uploads when AlwaysDownloadAttachments is not enabled. Affected versions are RT 4.0.x up to 4.0.25, 4.2.x up to 4.2.14, and 4.4.x up to 4.4.2. Remote attackers can inject arbitrary web script/HTML through a file upload with an unspeci...

CVSS 6.1 | AI score 6.5 | EPSS 0.01199
CVE
added 2015/09/03 2:00 p.m. | 58 views

CVE-2015-6506

Summary: CVE-2015-6506 is a cross-site scripting (XSS) vulnerability in the Request Tracker (RT) cryptography interface, exploitable via a crafted public key in RT 4.x. Affected software: Request Tracker, versions before 4.2.12 (RT 4.x

CVSS 4.3 | AI score 5.5 | EPSS 0.02075
CVE
added 2014/05/05 5:00 p.m. | 57 views

CVE-2013-3736

CVE-2013-3736 is an XSS in MobileUI (RT-Extension-MobileUI) for Request Tracker (RT) 4.0.0 before 4.0.13 and MobileUI before 1.04. The flaw allows remote attackers to inject arbitrary web script or HTML via the name of an attached file. Affected components: MobileUI/RT-Extension-MobileUI; affecte...

CVSS 4.3 | AI score 5.9 | EPSS 0.01161
CVE
added 2013/07/24 10:00 a.m. | 55 views

CVE-2012-6578

CVE-2012-6578 affects Best Practical Solutions RT prior to 3.8.15 and 4.0.x prior to 4.0.8 when GnuPG signing is enabled with a "Sign by default" queue configuration. The flaw causes the system to sign messages using a queue’s key, enabling remote attackers to spoof messages due to missing authen...

CVSS 4.3 | AI score 6.7 | EPSS 0.01061
CVE
added 2013/07/24 10:00 a.m. | 49 views

CVE-2012-6579

The CVE-2012-6579 entry concerns Best Practical Solutions RT affected versions: RT 3.8.x before 3.8.15 and RT 4.0.x before 4.0.8, where enabling GnuPG allows remote attackers to configure encryption or signing for outbound e‑mail by sending a message to a queue address, potentially causing a deni...

CVSS 6.4 | AI score 6.7 | EPSS 0.00792
CVE
added 2013/07/24 10:00 a.m. | 48 views

CVE-2012-6581

Best Practical Solutions RT: Affected versions are RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8 with GnuPG enabled. The vulnerability lets remote attackers bypass restrictions on reading keys in the keyring and trigger outbound e‑mail messages signed by an arbitrary stored secret key by abusing ...

CVSS 4.3 | AI score 6.4 | EPSS 0.012
CVE
added 2013/07/24 10:00 a.m. | 47 views

CVE-2012-6580

CVE-2012-6580 affects Best Practical Solutions RT: RT 3.8.x before 3.8.15 and RT 4.0.x before 4.0.8, with GnuPG enabled. The issue is that the UI may not label unencrypted messages as unencrypted, which could allow remote attackers to spoof a message’s origin or interfere with encryption-policy a...

CVSS 4.3 | AI score 6.5 | EPSS 0.00635
CVE
added 2013/05/10 9:00 p.m. | 42 views

CVE-2013-3525

CVE-2013-3525 affects Request Tracker (RT) versions 4.0.10 and earlier in the Approvals/ section, where a SQL injection via the ShowPending parameter could allow remote command execution. The issue is consistently described across sources as a SQL injection vulnerability; the vendor disputes repl...

CVSS 7.5 | AI score 8.7 | EPSS 0.02807
CVE
added 2014/11/16 2:00 a.m. | 42 views

CVE-2013-3737

The CVE-2013-3737 issue affects the MobileUI (RT-Extension-MobileUI) for Request Tracker (RT) installations. It concerns MobileUI >=?

CVSS 5 | AI score 7.1 | EPSS 0.01445
CVE
added 2026/05/21 11:49 a.m. | 24 views

CVE-2026-6841

The CVE-2026-6841 entry describes a reflected cross-site scripting (XSS) vulnerability in Request Tracker (RT) that is triggered via the Page parameter in GET requests, allowing arbitrary JavaScript execution in the victim’s browser. Affected RT versions are 5.0.4–5.0.9 and 6.0.0–6.0.2. The vulne...

CVSS 6.1 | AI score 5.9 | EPSS 0.00235