CVE-2013-3737Sensitive Information Exposure in Request Tracker

CWE-200Sensitive Information Exposure2 documents2 sources
Severity
5.0MEDIUMNVD
EPSS
0.3%
top 42.67%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Bestpractical Request Tracker
Timeline
PublishedNov 16
Latest updateMay 17

Description

The MobileUI (aka RT-Extension-MobileUI) extension before 1.04 in Request Tracker (RT) 4.0.0 before 4.0.13, when using the file-based session store (Apache::Session::File) and certain authentication extensions, allows remote attackers to reuse unauthorized sessions and obtain user preferences and caches via unspecified vectors.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDbestpractical/request_tracker13 versions+12

Patches

Patch: lists.bestpractical.comPatch: lists.bestpractical.com

🔴Vulnerability Details

1
GHSA
GHSA-6x6m-mjfv-c6h2: The MobileUI (aka RT-Extension-MobileUI) extension before 12022-05-17
CVE-2013-3737 — Sensitive Information Exposure | cvebase