Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bestpractical request tracker vulnerabilities and exploits
(subscribe to this query)
9.1
CVSSv3
CVE-2022-25800
Best Practical RT for Incident Response (RTIR) prior to 4.0.3 and 5.x prior to 5.0.3 allows SSRF via the whois lookup tool.
Bestpractical Request Tracker For Incident Response
9.1
CVSSv3
CVE-2022-25801
Best Practical RT for Incident Response (RTIR) prior to 4.0.3 and 5.x prior to 5.0.3 allows SSRF via Scripted Action tools.
Bestpractical Request Tracker For Incident Response
8.8
CVSSv3
CVE-2017-5943
Request Tracker (RT) 4.x prior to 4.0.25, 4.2.x prior to 4.2.14, and 4.4.x prior to 4.4.2 allows remote malicious users to obtain sensitive information about cross-site request forgery (CSRF) verification tokens via a crafted URL.
Bestpractical Request Tracker 4.0.9
Bestpractical Request Tracker 4.0.10
Bestpractical Request Tracker 4.0.11
Bestpractical Request Tracker 4.0.12
Bestpractical Request Tracker 4.2.0
Bestpractical Request Tracker 4.2.1
Bestpractical Request Tracker 4.2.2
Bestpractical Request Tracker 4.2.3
Bestpractical Request Tracker 4.2.4
Bestpractical Request Tracker 4.0.6
Bestpractical Request Tracker 4.0.8
Bestpractical Request Tracker 4.0.13
Bestpractical Request Tracker 4.0.15
Bestpractical Request Tracker 4.0.22
Bestpractical Request Tracker 4.0.24
Bestpractical Request Tracker 4.2.6
Bestpractical Request Tracker 4.2.8
Bestpractical Request Tracker 4.2.13
Bestpractical Request Tracker 4.4.0
Bestpractical Request Tracker 4.0.0
Bestpractical Request Tracker 4.0.1
Bestpractical Request Tracker 4.0.2
8.8
CVSSv3
CVE-2017-5944
The dashboard subscription interface in Request Tracker (RT) 4.x prior to 4.0.25, 4.2.x prior to 4.2.14, and 4.4.x prior to 4.4.2 might allow remote authenticated users with certain privileges to execute arbitrary code via a crafted saved search name.
Bestpractical Request Tracker 4.0.3
Bestpractical Request Tracker 4.0.5
Bestpractical Request Tracker 4.0.12
Bestpractical Request Tracker 4.0.14
Bestpractical Request Tracker 4.0.19
Bestpractical Request Tracker 4.0.21
Bestpractical Request Tracker 4.2.3
Bestpractical Request Tracker 4.2.5
Bestpractical Request Tracker 4.2.12
Bestpractical Request Tracker 4.4.1
Bestpractical Request Tracker 4.0.7
Bestpractical Request Tracker 4.0.8
Bestpractical Request Tracker 4.0.9
Bestpractical Request Tracker 4.0.10
Bestpractical Request Tracker 4.0.23
Bestpractical Request Tracker 4.0.24
Bestpractical Request Tracker 4.2.0
Bestpractical Request Tracker 4.2.1
Bestpractical Request Tracker 4.2.2
Bestpractical Request Tracker 4.4.0
Bestpractical Request Tracker 4.0.0
Bestpractical Request Tracker 4.0.1
7.5
CVSSv3
CVE-2023-45024
Best Practical Request Tracker (RT) 5 prior to 5.0.5 allows Information Disclosure via a transaction search in the transaction query builder.
Bestpractical Request Tracker
7.5
CVSSv3
CVE-2023-41259
Best Practical Request Tracker (RT) prior to 4.4.7 and 5.x prior to 5.0.5 allows Information Disclosure via fake or spoofed RT email headers in an email message or a mail-gateway REST API call.
Bestpractical Request Tracker
7.5
CVSSv3
CVE-2023-41260
Best Practical Request Tracker (RT) prior to 4.4.7 and 5.x prior to 5.0.5 allows Information Exposure in responses to mail-gateway REST API calls.
Bestpractical Request Tracker
7.5
CVSSv3
CVE-2021-38562
Best Practical Request Tracker (RT) 4.2 prior to 4.2.17, 4.4 prior to 4.4.5, and 5.0 prior to 5.0.2 allows sensitive information disclosure via a timing attack against lib/RT/REST2/Middleware/Auth.pm.
Bestpractical Request Tracker
Fedoraproject Fedora 35
Debian Debian Linux 9.0
7.5
CVSSv3
CVE-2018-18898
The email-ingestion feature in Best Practical Request Tracker 4.1.13 up to and including 4.4 allows denial of service by remote attackers via an algorithmic complexity attack on email address parsing.
Bestpractical Request Tracker
Fedoraproject Fedora 28
Fedoraproject Fedora 29
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 16.04
Debian Debian Linux 8.0
Debian Debian Linux 10.0
6.1
CVSSv3
CVE-2022-25802
Best Practical Request Tracker (RT) prior to 4.4.6 and 5.x prior to 5.0.3 allows XSS via a crafted content type for an attachment.
Bestpractical Request Tracker
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-20065
open redirect
CVE-2024-1086
path traversal
CVE-2024-29825
XXE
CVE-2024-29822
CVE-2024-20696
CVE-2024-3564
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »