CVE-2022-25803Open Redirect in Request Tracker

CWE-601Open Redirect6 documents5 sources
Severity
6.1MEDIUMNVD
OSV7.5
EPSS
0.1%
top 75.00%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Bestpractical Request TrackerDebian Request-tracker5
Timeline
PublishedJul 14
Latest updateAug 13

Description

Best Practical Request Tracker (RT) before 5.0.3 has an Open Redirect via a ticket search.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

debiandebian/request-tracker5< request-tracker5 5.0.3+dfsg-1 (bookworm)

Patches

Patch: docs.bestpractical.comPatch: docs.bestpractical.com

🔴Vulnerability Details

3
OSV
request-tracker5 vulnerabilities2025-08-13
GHSA
GHSA-p47r-g523-cx3r: Best Practical Request Tracker (RT) before 52022-07-15
OSV
CVE-2022-25803: Best Practical Request Tracker (RT) before 52022-07-14

📋Vendor Advisories

2
Ubuntu
Request Tracker vulnerabilities2025-08-13
Debian
CVE-2022-25803: request-tracker5 - Best Practical Request Tracker (RT) before 5.0.3 has an Open Redirect via a tick...2022
CVE-2022-25803 — Open Redirect in Request Tracker | cvebase