CVE-2024-3262Sensitive Information Exposure in Request-tracker4

CWE-200Sensitive Information Exposure6 documents5 sources
Severity
5.5MEDIUMNVD
OSV7.5
EPSS
0.0%
top 94.78%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Debian Request-tracker4Debian Request-tracker5Best Practical Solutions Request Tracker
Timeline
PublishedApr 4
Latest updateAug 13

Description

Information exposure vulnerability in RT software affecting version 4.4.1. This vulnerability allows an attacker with local access to the device to retrieve sensitive information about the application, such as vulnerability tickets, because the application stores the information in the browser cache, leading to information exposure despite session termination.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

debiandebian/request-tracker4< request-tracker4 4.4.6+dfsg-1.1+deb12u2 (bookworm)
debiandebian/request-tracker5< request-tracker4 4.4.6+dfsg-1.1+deb12u2 (bookworm)

🔴Vulnerability Details

3
OSV
request-tracker5 vulnerabilities2025-08-13
OSV
CVE-2024-3262: Information exposure vulnerability in RT software affecting version 42024-04-04
GHSA
GHSA-6426-p644-ffcf: Information exposure vulnerability in RT software affecting version 42024-04-04

📋Vendor Advisories

2
Ubuntu
Request Tracker vulnerabilities2025-08-13
Debian
CVE-2024-3262: request-tracker4 - Information exposure vulnerability in RT software affecting version 4.4.1. This ...2024