cvebase

Debian Request-Tracker4 vulnerabilities

44 known vulnerabilities affecting debian/request-tracker4.

Total CVEs: 44
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 7, MEDIUM 32, LOW 5

Vulnerabilities

Page 2 of 3
CVE-2022-25802 | P4 | MEDIUM | CVSS 6.1 | fixed in request-tracker4 4.4.6+dfsg-1 (bookworm) | 2022
Best Practical Request Tracker (RT) before 4.4.6 and 5.x before 5.0.3 allows XSS via a crafted content type for an attachment.
Scope: local. bookworm: resolved (fixed in 4.4.6+dfsg-1); bullseye: resolved (fixed in 4.4.4+dfsg-2+deb11u2); sid: resolved (fixed in 4.4.6+dfsg-1)

CVE-2015-1165 | P4 | MEDIUM | CVSS 5.0 | fixed in request-tracker4 4.2.8-3 (bookworm) | 2015
RT (aka Request Tracker) 3.8.8 through 4.x before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to obtain sensitive RSS feed URLs and ticket data via unspecified vectors.
Scope: local. bookworm: resolved (fixed in 4.2.8-3); bullseye: resolved (fixed in 4.2.8-3); sid: resolved (fixed in 4.2.8-3)

CVE-2012-4731 | P4 | MEDIUM | CVSS 4.0 | fixed in request-tracker4 4.0.7-2 (bookworm) | 2012
FAQ manager for Request Tracker (RTFM) before 2.4.5 does not properly check user rights, which allows remote authenticated users to create arbitrary articles in arbitrary classes via unknown vectors.
Scope: local. bookworm: resolved (fixed in 4.0.7-2); bullseye: resolved (fixed in 4.0.7-2); sid: resolved (fixed in 4.0.7-2)

CVE-2012-6579 | P4 | MEDIUM | CVSS 6.4 | fixed in request-tracker4 4.0.7-2 (bookworm) | 2012
Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, allows remote attackers to configure encryption or signing for certain outbound e-mail, and possibly cause a denial of service (loss of e-mail readability), via an e-mail message to a queue's address.
Scope: local. bookworm: resolved (fixed in 4.0.7-2); bullseye: re

CVE-2024-3262 | P4 | MEDIUM | CVSS 5.5 | fixed in request-tracker4 4.4.6+dfsg-1.1+deb12u2 (bookworm) | 2024
Information exposure vulnerability in RT software affecting version 4.4.1. This vulnerability allows an attacker with local access to the device to retrieve sensitive information about the application, such as vulnerability tickets, because the application stores the information in the browser cache, leading to information exposure despite session terminati

CVE-2012-6581 | P4 | MEDIUM | CVSS 4.3 | fixed in request-tracker4 4.0.7-2 (bookworm) | 2012
Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, allows remote attackers to bypass intended restrictions on reading keys in the product's keyring, and trigger outbound e-mail messages signed by an arbitrary stored secret key, by leveraging a UI e-mail signing privilege.
Scope: local. bookworm: resolved (fixed in

CVE-2011-2082 | P4 | MEDIUM | CVSS 4.3 | fixed in request-tracker4 4.0.5-3 (bookworm) | 2011
The vulnerable-passwords script in Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 does not update the password-hash algorithm for disabled user accounts, which makes it easier for context-dependent attackers to determine cleartext passwords, and possibly use these passwords after accounts are re-enabled, via a brute-force attack on the d

CVE-2012-6578 | P4 | MEDIUM | CVSS 4.3 | fixed in request-tracker4 4.0.7-2 (bookworm) | 2012
Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled with a "Sign by default" queue configuration, uses a queue's key for signing, which might allow remote attackers to spoof messages by leveraging the lack of authentication semantics.
Scope: local. bookworm: resolved (fixed in 4.0.7-2); bullseye: resolved (fixed in 4.

CVE-2015-6506 | P4 | MEDIUM | CVSS 4.3 | fixed in request-tracker4 4.2.11-2 (bookworm) | 2015
Cross-site scripting (XSS) vulnerability in the cryptography interface in Request Tracker (RT) before 4.2.12 allows remote attackers to inject arbitrary web script or HTML via a crafted public key.
Scope: local. bookworm: resolved (fixed in 4.2.11-2); bullseye: resolved (fixed in 4.2.11-2); sid: resolved (fixed in 4.2.11-2)

CVE-2015-5475 | P4 | MEDIUM | CVSS 4.3 | fixed in request-tracker4 4.2.11-2 (bookworm) | 2015
Multiple cross-site scripting (XSS) vulnerabilities in Request Tracker (RT) 4.x before 4.2.12 allow remote attackers to inject arbitrary web script or HTML via vectors related to the (1) user and (2) group rights management pages.
Scope: local. bookworm: resolved (fixed in 4.2.11-2); bullseye: resolved (fixed in 4.2.11-2); sid: resolved (fixed in 4.2.11-2)

CVE-2013-3371 | P4 | MEDIUM | CVSS 4.3 | fixed in request-tracker4 4.0.12-2 (bookworm) | 2013
Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 3.8.3 through 3.8.16 and 4.0.x before 4.0.13 allows remote attackers to inject arbitrary web script or HTML via the filename of an attachment.
Scope: local. bookworm: resolved (fixed in 4.0.12-2); bullseye: resolved (fixed in 4.0.12-2); sid: resolved (fixed in 4.0.12-2)

CVE-2011-2084 | P4 | MEDIUM | CVSS 4.0 | fixed in request-tracker4 4.0.5-3 (bookworm) | 2011
Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 allows remote authenticated users to read (1) hashes of former passwords and (2) ticket correspondence history by leveraging access to a privileged account.
Scope: local. bookworm: resolved (fixed in 4.0.5-3); bullseye: resolved (fixed in 4.0.5-3); sid: resolved (fixed in 4.0.5-3)

CVE-2011-2083 | P4 | MEDIUM | CVSS 4.3 | fixed in request-tracker4 4.0.5-3 (bookworm) | 2011
Multiple cross-site scripting (XSS) vulnerabilities in Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Scope: local. bookworm: resolved (fixed in 4.0.5-3); bullseye: resolved (fixed in 4.0.5-3); sid: resolved (fixed in 4.0.5-3)

CVE-2013-3372 | P4 | MEDIUM | CVSS 4.3 | fixed in request-tracker4 4.0.12-2 (bookworm) | 2013
Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows remote attackers to inject multiple Content-Disposition HTTP headers and possibly conduct cross-site scripting (XSS) attacks via unspecified vectors.
Scope: local. bookworm: resolved (fixed in 4.0.12-2); bullseye: resolved (fixed in 4.0.12-2); sid: resolved (fixed in 4.0.12-2)

CVE-2013-3374 | P4 | MEDIUM | CVSS 4.3 | fixed in request-tracker4 4.0.12-2 (bookworm) | 2013
Unspecified vulnerability in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13, when using the Apache::Session::File session store, allows remote attackers to obtain sensitive information (user preferences and caches) via unknown vectors, related to a "limited session re-use."
Scope: local. bookworm: resolved (fixed in 4.0.12-2); bullseye: reso

CVE-2011-4459 | P4 | LOW | CVSS 3.5 | fixed in request-tracker4 4.0.5-3 (bookworm) | 2011
Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 does not properly disable groups, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by leveraging a group membership.
Scope: local. bookworm: resolved (fixed in 4.0.5-3); bullseye: resolved (fixed in 4.0.5-3); sid: resolved (fixed in 4.0.

CVE-2012-2769 | P4 | MEDIUM | CVSS 4.3 | fixed in request-tracker4 4.0.6-1 (bookworm) | 2012
Multiple cross-site scripting (XSS) vulnerabilities in the topic administration page in the Extension::MobileUI extension before 1.02 for Best Practical Solutions RT 3.8.x and in Best Practical Solutions RT before 4.0.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Scope: local. bookworm: resolved (fixed in 4.0.6-1); b

CVE-2012-2768 | P4 | MEDIUM | CVSS 4.3 | fixed in request-tracker4 4.0.6-1 (bookworm) | 2012
Multiple cross-site scripting (XSS) vulnerabilities in the topic administration page in the RTFM extension 2.0.4 through 2.4.3 for Best Practical Solutions RT allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Scope: local. bookworm: resolved (fixed in 4.0.6-1); bullseye: resolved (fixed in 4.0.6-1); sid: resolved (fixed in

CVE-2012-6580 | P4 | MEDIUM | CVSS 4.3 | fixed in request-tracker4 4.0.7-2 (bookworm) | 2012
Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, does not ensure that the UI labels unencrypted messages as unencrypted, which might make it easier for remote attackers to spoof details of a message's origin or interfere with encryption-policy auditing via an e-mail message to a queue's address.
Scope: local. boo

CVE-2012-4730 | P4 | LOW | CVSS 3.5 | fixed in request-tracker4 4.0.7-2 (bookworm) | 2012
Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote authenticated users with ModifySelf or AdminUser privileges to inject arbitrary email headers and conduct phishing attacks or obtain sensitive information via unknown vectors.
Scope: local. bookworm: resolved (fixed in 4.0.7-2); bullseye: resolved (fixed in 4.0.7-2); sid: resolved (fixe