CVE-2024-3262
published 2024-04-04

Priority P424 | medium | 5.5 | CVSS 3.1
AV:L / AC:L / PR:L / UI:N / S:U / C:H / I:N / A:N
EPSS: 0.29% (20.2th percentile)
Information exposure vulnerability in RT software affecting version 4.4.1. This vulnerability allows an attacker with local access to the device to retrieve sensitive information about the application, such as vulnerability tickets, because the application stores the information in the browser cache, leading to information exposure despite session termination.

Affected

3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| best_practical_solutions | request_tracker | | |
| debian | request-tracker4 | < request-tracker4 4.4.6+dfsg-1.1+deb12u2 (bookworm) | request-tracker4 4.4.6+dfsg-1.1+deb12u2 (bookworm) |
| debian | request-tracker5 | < request-tracker4 4.4.6+dfsg-1.1+deb12u2 (bookworm) | request-tracker4 4.4.6+dfsg-1.1+deb12u2 (bookworm) |

CVSS provenance

nvd | v3.1 | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
osv | 7.5 | HIGH
vendor_ubuntu | 7.5 | HIGH
vendor_debian | 5.5 | MEDIUM