Debian Request-Tracker4 vulnerabilities
44 known vulnerabilities affecting debian/request-tracker4.
Total CVEs: 44
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 7, MEDIUM 32, LOW 5
Vulnerabilities
Page 3 of 3
CVE-2013-5587 | P4 | MEDIUM | CVSS 4.3 | fixed in request-tracker4 4.0.12-2 (bookworm) | 2013
Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 4.x before 4.0.13, when MakeClicky is configured, allows remote attackers to inject arbitrary web script or HTML via a URL in a ticket. NOTE: this issue has been SPLIT from CVE-2013-3371 due to different affected versions.
Scope: local
bookworm: resolved (fixed in 4.0.12-2)
bullseye: resolved
debian
CVE-2025-61873 | P4 | LOW | CVSS 2.6 | fixed in request-tracker4 4.4.6+dfsg-1.1+deb12u3 (bookworm) | 2025
Best Practical Request Tracker (RT) before 4.4.9, 5.0.9, and 6.0.2 allows CSV Injection via ticket values when TSV export is used.
Scope: local
bookworm: resolved (fixed in 4.4.6+dfsg-1.1+deb12u3)
bullseye: resolved (fixed in 4.4.4+dfsg-2+deb11u5)
sid: open
debian
CVE-2013-3368 | P4 | LOW | CVSS 3.3 | fixed in request-tracker4 4.0.12-2 (bookworm) | 2013
bin/rt in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows local users to overwrite arbitrary files via a symlink attack on a temporary file with predictable name.
Scope: local
bookworm: resolved (fixed in 4.0.12-2)
bullseye: resolved (fixed in 4.0.12-2)
sid: resolved (fixed in 4.0.12-2)
debian
CVE-2025-2545 | P4 | LOW | CVSS 2.3 | fixed in request-tracker4 4.4.6+dfsg-1.1+deb12u2 (bookworm) | 2025
Vulnerability in Best Practical Solutions, LLC's Request Tracker prior to v5.0.8, where the Triple DES (3DES) cryptographic algorithm is used to protect emails sent with S/MIME encryption. Triple DES is considered obsolete and insecure due to its susceptibility to birthday attacks, which could compromise the confidentiality of encrypted messages.
Scope: local
debian