CVE-2015-1165 — Sensitive Information Exposure in Request-tracker4

CWE-200 — Sensitive Information Exposure7 documents5 sources

Severity

5.0MEDIUMNVD

EPSS

0.4%

top 40.06%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Request-tracker4 Bestpractical Request Tracker Debian Linux +1 more

Timeline

PublishedMar 9

Latest updateMay 17

Description

RT (aka Request Tracker) 3.8.8 through 4.x before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to obtain sensitive RSS feed URLs and ticket data via unspecified vectors.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶debiandebian/request-tracker4< request-tracker4 4.2.8-3 (bookworm)

▶NVDbestpractical/request_tracker43 versions+42

Also affects: Debian Linux 7.0, Fedora 21, 22

🔴Vulnerability Details

GHSA

GHSA-8x75-79hf-2g6r: RT (aka Request Tracker) 3↗2022-05-17

▶

OSV

CVE-2015-1165: RT (aka Request Tracker) 3↗2015-03-09

▶

📋Vendor Advisories

Debian

CVE-2015-1165: request-tracker4 - RT (aka Request Tracker) 3.8.8 through 4.x before 4.0.23 and 4.2.x before 4.2.10...↗2015

▶

💬Community

Bugzilla

CVE-2015-1165 rt: information disclosure flaw in RSS feed handler [fedora-21]↗2015-03-09

▶

Bugzilla

CVE-2015-1165 rt: information disclosure flaw in RSS feed handler↗2015-03-09

▶

Bugzilla

Following HTML links on RSS preview should't sends feed URL as referer↗2015-02-10

▶