Published: 03/11/2023 Updated: 13/11/2023

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 0

Best Practical Request Tracker (RT) prior to 4.4.7 and 5.x prior to 5.0.5 allows Information Disclosure via fake or spoofed RT email headers in an email message or a mail-gateway REST API call.

Vulnerable Product	Search on Vulmon	Subscribe to Product
bestpractical request tracker

Debian Bug report logs - #1054516 request-tracker4: CVE-2023-41259 CVE-2023-41260 Package: src:request-tracker4; Maintainer for src:request-tracker4 is Debian Request Tracker Group <pkg-request-tracker-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 24 Oct 2023 20 ...

Debian Bug report logs - #1054517 request-tracker5: CVE-2023-41259 CVE-2023-41260 CVE-2023-45024 Package: src:request-tracker5; Maintainer for src:request-tracker5 is Debian Request Tracker Group <pkg-request-tracker-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, ...

Multiple vulnerabilities have been discovered in Request Tracker, an extensible trouble-ticket tracking system CVE-2023-41259 Tom Wolters reported that Request Tracker is vulnerable to accepting unvalidated RT email headers in incoming email and the mail-gateway REST interface CVE-2023-41260 Tom Wolters reported that Request Trac ...

NVD-CWE-noinfo https://docs.bestpractical.com/release-notes/rt/index.html https://docs.bestpractical.com/release-notes/rt/4.4.7 https://docs.bestpractical.com/release-notes/rt/5.0.5 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054516 https://nvd.nist.gov https://www.debian.org/security/2023/dsa-5542

CVE-2023-41259

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect