CVE-2023-41259: Sensitive Information Exposure in Request Tracker

Severity: 7.5 HIGH (NVD)
EPSS: 0.1% (top 66.81%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Nov 3
Latest update: Aug 13

Description

Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Disclosure via fake or spoofed RT email headers in an email message or a mail-gateway REST API call.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 | Impact: 3.6

Affected Packages (3 packages)

NVD: bestpractical/request_tracker 5.0.0 5.0.5 +1
debian: debian/request-tracker4 < request-tracker4 4.4.6+dfsg-1.1+deb12u1 (bookworm)
debian: debian/request-tracker5 < request-tracker4 4.4.6+dfsg-1.1+deb12u1 (bookworm)

🔴 Vulnerability Details (4)

OSV: request-tracker5 vulnerabilities (2025-08-13)
OSV: request-tracker4 vulnerabilities (2023-12-04)
OSV: CVE-2023-41259: Best Practical Request Tracker (RT) before 4... (2023-11-03)
GHSA: GHSA-22g7-wp2f-rmqf: Best Practical Request Tracker (RT) before 4... (2023-11-03)

📋 Vendor Advisories (3)

Ubuntu: Request Tracker vulnerabilities (2025-08-13)
Ubuntu: Request Tracker vulnerabilities (2023-12-04)
Debian: CVE-2023-41259: request-tracker4 - Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Inf... (2023)
CVE-2023-41259 — Sensitive Information Exposure | cvebase