CVE-2011-2084 — Sensitive Information Exposure in Request-tracker4

CWE-200 — Sensitive Information Exposure5 documents5 sources

Severity

4.0MEDIUMNVD

EPSS

0.3%

top 46.13%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Request-tracker4 Bestpractical RT

Timeline

PublishedJun 4

Latest updateMay 17

Description

Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 allows remote authenticated users to read (1) hashes of former passwords and (2) ticket correspondence history by leveraging access to a privileged account.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 8.0 | Impact: 2.9

Affected Packages2 packages

▶NVDbestpractical/rt83 versions+82

▶debiandebian/request-tracker4< request-tracker4 4.0.5-3 (bookworm)

Patches

Patch: lists.bestpractical.com ↗Patch: lists.bestpractical.com ↗Patch: lists.bestpractical.com ↗

🔴Vulnerability Details

GHSA

GHSA-p82w-gqww-6pm7: Best Practical Solutions RT 3↗2022-05-17

▶

OSV

CVE-2011-2084: Best Practical Solutions RT 3↗2012-06-04

▶

📋Vendor Advisories

Debian

CVE-2011-2084: request-tracker4 - Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 allows remote...↗2011

▶

💬Community

Bugzilla

rt3: Multiple security flaws fixed in upstream v3.8.12 and v4.0.6 versions↗2012-05-22

▶