CVE-2013-3374Request-tracker4 vulnerability

4 documents4 sources
Severity
4.3MEDIUMNVD
EPSS
0.6%
top 31.66%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Debian Request-tracker4Bestpractical RT
Timeline
PublishedAug 23
Latest updateMay 17

Description

Unspecified vulnerability in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13, when using the Apache::Session::File session store, allows remote attackers to obtain sensitive information (user preferences and caches) via unknown vectors, related to a "limited session re-use."

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

debiandebian/request-tracker4< request-tracker4 4.0.12-2 (bookworm)
NVDbestpractical/rt30 versions+29

Patches

Patch: lists.bestpractical.comPatch: lists.bestpractical.comPatch: lists.bestpractical.com

🔴Vulnerability Details

2
GHSA
GHSA-v7q3-365h-hmpp: Unspecified vulnerability in Request Tracker (RT) 32022-05-17
OSV
CVE-2013-3374: Unspecified vulnerability in Request Tracker (RT) 32013-08-23

📋Vendor Advisories

1
Debian
CVE-2013-3374: request-tracker4 - Unspecified vulnerability in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x ...2013
CVE-2013-3374 — Debian Request-tracker4 vulnerability | cvebase