Bestpractical: >> Request Tracker >> 4.2.15 Security Vulnerabilities
Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Disclosure via fake or spoofed RT email headers in an email message or a mail-gateway REST API call.
CVSS Score
7.5
EPSS Score
0.002
Published
2023-11-03
Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Exposure in responses to mail-gateway REST API calls.
CVSS Score
7.5
EPSS Score
0.002
Published
2023-11-03
Best Practical Request Tracker (RT) before 4.4.6 and 5.x before 5.0.3 allows XSS via a crafted content type for an attachment.
CVSS Score
6.1
EPSS Score
0.006
Published
2022-07-14
Best Practical Request Tracker (RT) before 5.0.3 has an Open Redirect via a ticket search.
CVSS Score
6.1
EPSS Score
0.002
Published
2022-07-14
Best Practical Request Tracker (RT) 4.2 before 4.2.17, 4.4 before 4.4.5, and 5.0 before 5.0.2 allows sensitive information disclosure via a timing attack against lib/RT/REST2/Middleware/Auth.pm.
CVSS Score
7.5
EPSS Score
0.001
Published
2021-10-18
The email-ingestion feature in Best Practical Request Tracker 4.1.13 through 4.4 allows denial of service by remote attackers via an algorithmic complexity attack on email address parsing.
CVSS Score
7.5
EPSS Score
0.013
Published
2019-03-21