CVE-2024-3262

MEDIUM

RT software <4.4.1 - Info Disclosure

Title source: llm

Description

Information exposure vulnerability in RT software affecting version 4.4.1. This vulnerability allows an attacker with local access to the device to retrieve sensitive information about the application, such as vulnerability tickets, because the application stores the information in the browser cache, leading to information exposure despite session termination.

References (2)

Core 2

Core References

Mailing List

https://lists.debian.org/debian-lts-announce/2025/05/msg00009.html

Third Party Advisory

https://www.incibe.es/incibe-cert/alerta-temprana/avisos/vulnerabilidad-de-exposicion-de-informacion-en-request-tracker-rt

Scores

CVSS v3 5.5

EPSS 0.0029

EPSS Percentile 20.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-200

Status published

Products (1)

Best Practical Solutions/Request Tracker 4.4.1

Published Apr 04, 2024

Tracked Since Feb 18, 2026