Shodan
Vulnerabilities
Vulnerable Software
Bestpractical:  >> Request Tracker  >> 3.8.7  Security Vulnerabilities
CVE-2023-41259
Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Disclosure via fake or spoofed RT email headers in an email message or a mail-gateway REST API call.
CVSS Score
7.5
EPSS Score
0.002
Published
2023-11-03
CVE-2023-41260
Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Exposure in responses to mail-gateway REST API calls.
CVSS Score
7.5
EPSS Score
0.002
Published
2023-11-03
CVE-2022-25802
Best Practical Request Tracker (RT) before 4.4.6 and 5.x before 5.0.3 allows XSS via a crafted content type for an attachment.
CVSS Score
6.1
EPSS Score
0.005
Published
2022-07-14
CVE-2022-25803
Best Practical Request Tracker (RT) before 5.0.3 has an Open Redirect via a ticket search.
CVSS Score
6.1
EPSS Score
0.002
Published
2022-07-14
CVE-2015-6506
Cross-site scripting (XSS) vulnerability in the cryptography interface in Request Tracker (RT) before 4.2.12 allows remote attackers to inject arbitrary web script or HTML via a crafted public key.
CVSS Score
4.3
EPSS Score
0.004
Published
2015-09-03
CVE-2015-5475
Multiple cross-site scripting (XSS) vulnerabilities in Request Tracker (RT) 4.x before 4.2.12 allow remote attackers to inject arbitrary web script or HTML via vectors related to the (1) user and (2) group rights management pages.
CVSS Score
4.3
EPSS Score
0.004
Published
2015-08-14
CVE-2015-1464
RT (aka Request Tracker) before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to hijack sessions via an RSS feed URL.
CVSS Score
6.4
EPSS Score
0.003
Published
2015-03-09
CVE-2014-9472
The email gateway in RT (aka Request Tracker) 3.0.0 through 4.x before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to cause a denial of service (CPU and disk consumption) via a crafted email.
CVSS Score
7.1
EPSS Score
0.009
Published
2015-03-09
CVE-2012-6578
Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled with a "Sign by default" queue configuration, uses a queue's key for signing, which might allow remote attackers to spoof messages by leveraging the lack of authentication semantics.
CVSS Score
4.3
EPSS Score
0.003
Published
2013-07-24
CVE-2012-6579
Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, allows remote attackers to configure encryption or signing for certain outbound e-mail, and possibly cause a denial of service (loss of e-mail readability), via an e-mail message to a queue's address.
CVSS Score
6.4
EPSS Score
0.002
Published
2013-07-24


Products
Pricing
Contact Us

Shodan ® - All rights reserved