Bestpractical Request Tracker 4.0.9

8 matches found

CVE
added 2017/07/03 4:29 p.m. | 163 views

CVE-2017-5943

Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 allows remote attackers to obtain sensitive information about cross-site request forgery (CSRF) verification tokens via a crafted URL.

CVSS 8.8 | AI score 8.2 | EPSS 0.00409

CVE
added 2017/07/03 4:29 p.m. | 86 views

CVE-2017-5944

The dashboard subscription interface in Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 might allow remote authenticated users with certain privileges to execute arbitrary code via a crafted saved search name.

CVSS 8.8 | AI score 8.5 | EPSS 0.04438

CVE
added 2017/07/03 4:29 p.m. | 64 views

CVE-2017-5361

Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 does not use a constant-time comparison algorithm for secrets, which makes it easier for remote attackers to obtain sensitive user password information via a timing side-channel attack.

CVSS 5.9 | AI score 6.6 | EPSS 0.00358

CVE
added 2015/03/09 2:59 p.m. | 56 views

CVE-2014-9472

The email gateway in RT (aka Request Tracker) 3.0.0 through 4.x before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to cause a denial of service (CPU and disk consumption) via a crafted email.

CVSS 7.1 | AI score 8 | EPSS 0.00875

CVE
added 2015/03/09 2:59 p.m. | 52 views

CVE-2015-1165

RT (aka Request Tracker) 3.8.8 through 4.x before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to obtain sensitive RSS feed URLs and ticket data via unspecified vectors.

CVSS 5 | AI score 8.2 | EPSS 0.00388

CVE
added 2017/07/03 4:29 p.m. | 52 views

CVE-2016-6127

Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2, when the AlwaysDownloadAttachments config setting is not in use, allows remote attackers to inject arbitrary web script or HTML via a file upload with an unspecified cont...

CVSS 6.1 | AI score 6.5 | EPSS 0.00324

CVE
added 2014/05/05 5:6 p.m. | 46 views

CVE-2013-3736

Cross-site scripting (XSS) vulnerability in the MobileUI (aka RT-Extension-MobileUI) extension before 1.04 in Request Tracker (RT) 4.0.0 before 4.0.13 allows remote attackers to inject arbitrary web script or HTML via the name of an attached file.

CVSS 4.3 | AI score 5.9 | EPSS 0.00309

CVE
added 2014/11/16 2:59 a.m. | 29 views

CVE-2013-3737

The MobileUI (aka RT-Extension-MobileUI) extension before 1.04 in Request Tracker (RT) 4.0.0 before 4.0.13, when using the file-based session store (Apache::Session::File) and certain authentication extensions, allows remote attackers to reuse unauthorized sessions and obtain user preferences and c...

CVSS 5 | AI score 7.1 | EPSS 0.00348