Request Tracker Security Vulnerabilities and Issues — Request Tracker CVE List

Lucene search

BestpracticalRequest Tracker

3 matches found

CVE•added 2017/07/03 4:29 p.m.•64 views

CVE-2017-5361

Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 does not use a constant-time comparison algorithm for secrets, which makes it easier for remote attackers to obtain sensitive user password information via a timing side-channel attack.

5.9CVSS6.6AI score0.00358EPSS

CVE•added 2015/03/09 2:59 p.m.•52 views

CVE-2015-1165

RT (aka Request Tracker) 3.8.8 through 4.x before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to obtain sensitive RSS feed URLs and ticket data via unspecified vectors.

5CVSS8.2AI score0.00388EPSS

CVE•added 2014/11/16 2:59 a.m.•29 views

CVE-2013-3737

The MobileUI (aka RT-Extension-MobileUI) extension before 1.04 in Request Tracker (RT) 4.0.0 before 4.0.13, when using the file-based session store (Apache::Session::File) and certain authentication extensions, allows remote attackers to reuse unauthorized sessions and obtain user preferences and c...

5CVSS7.1AI score0.00348EPSS