Request Tracker@* Security Vulnerabilities and Issues — Request Tracker@* CVE List

Lucene search

BestpracticalRequest Tracker*

14 matches found

CVE•added 2021/10/18 9:15 a.m.•161 views

CVE-2021-38562

Best Practical Request Tracker (RT) 4.2 before 4.2.17, 4.4 before 4.4.5, and 5.0 before 5.0.2 allows sensitive information disclosure via a timing attack against lib/RT/REST2/Middleware/Auth.pm.

7.5CVSS7AI score0.00122EPSS

CVE•added 2022/07/14 12:15 p.m.•121 views

CVE-2022-25802

Best Practical Request Tracker (RT) before 4.4.6 and 5.x before 5.0.3 allows XSS via a crafted content type for an attachment.

6.1CVSS5.9AI score0.00531EPSS

CVE•added 2023/11/03 5:15 a.m.•107 views

CVE-2023-41259

Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Disclosure via fake or spoofed RT email headers in an email message or a mail-gateway REST API call.

7.5CVSS7.1AI score0.00229EPSS

CVE•added 2019/03/21 4:0 p.m.•96 views

CVE-2018-18898

The email-ingestion feature in Best Practical Request Tracker 4.1.13 through 4.4 allows denial of service by remote attackers via an algorithmic complexity attack on email address parsing.

7.5CVSS7.2AI score0.01297EPSS

CVE•added 2023/11/03 5:15 a.m.•96 views

CVE-2023-41260

Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Exposure in responses to mail-gateway REST API calls.

7.5CVSS7.2AI score0.0019EPSS

CVE•added 2022/07/14 12:15 p.m.•80 views

CVE-2022-25803

Best Practical Request Tracker (RT) before 5.0.3 has an Open Redirect via a ticket search.

6.1CVSS6.2AI score0.00176EPSS

CVE•added 2015/03/09 2:59 p.m.•61 views

CVE-2015-1464

RT (aka Request Tracker) before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to hijack sessions via an RSS feed URL.

6.4CVSS8.4AI score0.00347EPSS

CVE•added 2023/11/03 5:15 a.m.•61 views

CVE-2023-45024

Best Practical Request Tracker (RT) 5 before 5.0.5 allows Information Disclosure via a transaction search in the transaction query builder.

7.5CVSS7.1AI score0.00078EPSS

CVE•added 2025/05/28 6:15 p.m.•52 views

CVE-2025-30087

Best Practical RT (Request Tracker) 4.4 through 4.4.7 and 5.0 through 5.0.7 allows XSS via injection of crafted parameters in a search URL.

7.2CVSS6.1AI score0.00042EPSS

CVE•added 2015/08/14 6:59 p.m.•51 views

CVE-2015-5475

Multiple cross-site scripting (XSS) vulnerabilities in Request Tracker (RT) 4.x before 4.2.12 allow remote attackers to inject arbitrary web script or HTML via vectors related to the (1) user and (2) group rights management pages.

4.3CVSS7.5AI score0.00442EPSS

CVE•added 2025/05/28 6:15 p.m.•49 views

CVE-2025-31500

Best Practical RT (Request Tracker) 5.0 through 5.0.7 allows XSS via JavaScript injection in an Asset name.

7.2CVSS6.2AI score0.00042EPSS

CVE•added 2025/05/28 6:15 p.m.•49 views

CVE-2025-31501

Best Practical RT (Request Tracker) 5.0 through 5.0.7 allows XSS via JavaScript injection in an RT permalink.

7.2CVSS6.1AI score0.00042EPSS

CVE•added 2015/09/03 2:59 p.m.•46 views

CVE-2015-6506

Cross-site scripting (XSS) vulnerability in the cryptography interface in Request Tracker (RT) before 4.2.12 allows remote attackers to inject arbitrary web script or HTML via a crafted public key.

4.3CVSS5.5AI score0.00442EPSS

CVE•added 2013/05/10 9:55 p.m.•32 views

CVE-2013-3525

SQL injection vulnerability in Approvals/ in Request Tracker (RT) 4.0.10 and earlier allows remote attackers to execute arbitrary SQL commands via the ShowPending parameter. NOTE: the vendor disputes this issue, stating "We were unable to replicate it, and the individual that reported it retracted ...

7.5CVSS8.7AI score0.01525EPSS