CVE-2021-38562

Published: 18/10/2021 Updated: 07/11/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

Best Practical Request Tracker (RT) 4.2 prior to 4.2.17, 4.4 prior to 4.4.5, and 5.0 prior to 5.0.2 allows sensitive information disclosure via a timing attack against lib/RT/REST2/Middleware/Auth.pm.

Vulnerable Product

bestpractical request tracker

fedoraproject fedora 35

debian debian linux 9.0

Vendor Advisories

Debian Bug report logs - #995167 new upstream (5.0.2) [CVE-2021-38562] Package: request-tracker5; Maintainer for request-tracker5 is Debian Request Tracker Group <pkg-request-tracker-maintainers@lists.alioth.debian.org>; Source for request-tracker5 is src:request-tracker5 (PTS, buildd, popcon) Reported by: danielbaumann@pro ...