Description
RT (aka Request Tracker) 3.8.8 through 4.x before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to obtain sensitive RSS feed URLs and ticket data via unspecified vectors.
References (4)
Core 4
Core References
Vendor Advisory x_refsource_confirm
http://blog.bestpractical.com/2015/02/security-vulnerabilities-in-rt.html
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2015/dsa-3176
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/154047.html
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154213.html
Scores
EPSS
0.0212
EPSS Percentile
79.6%
Details
CWE
CWE-200
Status
published
Products (46)
bestpractical/request_tracker
3.8.8
bestpractical/request_tracker
3.8.9
bestpractical/request_tracker
3.8.10
bestpractical/request_tracker
3.8.11
bestpractical/request_tracker
3.8.12
bestpractical/request_tracker
3.8.13
bestpractical/request_tracker
3.8.14
bestpractical/request_tracker
3.8.15
bestpractical/request_tracker
3.8.16
bestpractical/request_tracker
3.8.17
... and 36 more
Published
Mar 09, 2015
Tracked Since
Feb 18, 2026