Multiple vulnerabilities have been discovered in Request Tracker, an extensible trouble-ticket tracking system.
CVE-2023-41259
Tom Wolters reported that Request Tracker is vulnerable to accepting unvalidated RT email headers in incoming email and the mail-gateway REST interface.
CVE-2023-41260
Tom Wolters reported that Request Tracker is vulnerable to information leakage via response messages returned from requests sent via the mail-gateway REST interface.
CVE-2023-45024
It was reported that Request Tracker is vulnerable to information leakage via transaction searches made by authenticated users in the transaction query builder.
https://security-tracker.debian.org/tracker/DSA-5541-1
Continue reading...
CVE-2023-41259
Tom Wolters reported that Request Tracker is vulnerable to accepting unvalidated RT email headers in incoming email and the mail-gateway REST interface.
CVE-2023-41260
Tom Wolters reported that Request Tracker is vulnerable to information leakage via response messages returned from requests sent via the mail-gateway REST interface.
CVE-2023-45024
It was reported that Request Tracker is vulnerable to information leakage via transaction searches made by authenticated users in the transaction query builder.
https://security-tracker.debian.org/tracker/DSA-5541-1
Continue reading...