Search criteria
78 vulnerabilities found for request_tracker by bestpractical
FKIE_CVE-2025-31500
Vulnerability from fkie_nvd - Published: 2025-05-28 18:15 - Updated: 2025-06-09 18:58
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Best Practical RT (Request Tracker) 5.0 through 5.0.7 allows XSS via JavaScript injection in an Asset name.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://docs.bestpractical.com/release-notes/rt/5.0.8 | Release Notes | |
| cve@mitre.org | https://docs.bestpractical.com/release-notes/rt/index.html | Release Notes |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bestpractical | request_tracker | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bestpractical:request_tracker:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BF58D4AE-EBC9-4F20-8ADF-E65F88BEC12D",
"versionEndExcluding": "5.0.8",
"versionStartIncluding": "5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Best Practical RT (Request Tracker) 5.0 through 5.0.7 allows XSS via JavaScript injection in an Asset name."
},
{
"lang": "es",
"value": "Best Practical RT (Request Tracker) 5.0 a 5.0.7 permite XSS a trav\u00e9s de la inyecci\u00f3n de JavaScript en el nombre de un activo."
}
],
"id": "CVE-2025-31500",
"lastModified": "2025-06-09T18:58:52.700",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 2.7,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-05-28T18:15:26.700",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://docs.bestpractical.com/release-notes/rt/5.0.8"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://docs.bestpractical.com/release-notes/rt/index.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "cve@mitre.org",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-31501
Vulnerability from fkie_nvd - Published: 2025-05-28 18:15 - Updated: 2025-06-09 18:59
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Best Practical RT (Request Tracker) 5.0 through 5.0.7 allows XSS via JavaScript injection in an RT permalink.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://docs.bestpractical.com/release-notes/rt/5.0.8 | Release Notes | |
| cve@mitre.org | https://docs.bestpractical.com/release-notes/rt/index.html | Release Notes |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bestpractical | request_tracker | * | |
| bestpractical | request_tracker | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bestpractical:request_tracker:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DBAC2A90-1130-4970-BEE6-C0217F1B2CDE",
"versionEndExcluding": "4.4.8",
"versionStartIncluding": "4.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bestpractical:request_tracker:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BF58D4AE-EBC9-4F20-8ADF-E65F88BEC12D",
"versionEndExcluding": "5.0.8",
"versionStartIncluding": "5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Best Practical RT (Request Tracker) 5.0 through 5.0.7 allows XSS via JavaScript injection in an RT permalink."
},
{
"lang": "es",
"value": "Best Practical RT (Request Tracker) 5.0 a 5.0.7 permite XSS a trav\u00e9s de la inyecci\u00f3n de JavaScript en un enlace permanente RT."
}
],
"id": "CVE-2025-31501",
"lastModified": "2025-06-09T18:59:03.730",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 2.7,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-05-28T18:15:26.857",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://docs.bestpractical.com/release-notes/rt/5.0.8"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://docs.bestpractical.com/release-notes/rt/index.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "cve@mitre.org",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-30087
Vulnerability from fkie_nvd - Published: 2025-05-28 18:15 - Updated: 2025-11-03 20:18
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Best Practical RT (Request Tracker) 4.4 through 4.4.7 and 5.0 through 5.0.7 allows XSS via injection of crafted parameters in a search URL.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bestpractical | request_tracker | * | |
| bestpractical | request_tracker | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bestpractical:request_tracker:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DBAC2A90-1130-4970-BEE6-C0217F1B2CDE",
"versionEndExcluding": "4.4.8",
"versionStartIncluding": "4.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bestpractical:request_tracker:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BF58D4AE-EBC9-4F20-8ADF-E65F88BEC12D",
"versionEndExcluding": "5.0.8",
"versionStartIncluding": "5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Best Practical RT (Request Tracker) 4.4 through 4.4.7 and 5.0 through 5.0.7 allows XSS via injection of crafted parameters in a search URL."
},
{
"lang": "es",
"value": "Best Practical RT (Request Tracker) 4.4 a 4.4.7 y 5.0 a 5.0.7 permite XSS mediante la inyecci\u00f3n de par\u00e1metros manipulados en una URL de b\u00fasqueda."
}
],
"id": "CVE-2025-30087",
"lastModified": "2025-11-03T20:18:09.720",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 2.7,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-05-28T18:15:26.540",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://docs.bestpractical.com/release-notes/rt/4.4.8"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://docs.bestpractical.com/release-notes/rt/5.0.8"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://docs.bestpractical.com/release-notes/rt/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00009.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "cve@mitre.org",
"type": "Secondary"
}
]
}
FKIE_CVE-2023-45024
Vulnerability from fkie_nvd - Published: 2023-11-03 05:15 - Updated: 2024-11-21 08:26
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Best Practical Request Tracker (RT) 5 before 5.0.5 allows Information Disclosure via a transaction search in the transaction query builder.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bestpractical | request_tracker | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bestpractical:request_tracker:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BAE81C97-B149-415E-B44E-4ACB3669809C",
"versionEndExcluding": "5.0.5",
"versionStartIncluding": "5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Best Practical Request Tracker (RT) 5 before 5.0.5 allows Information Disclosure via a transaction search in the transaction query builder."
},
{
"lang": "es",
"value": "Best Practical Request Tracker (RT) 5 anterior a 5.0.5 permite la divulgaci\u00f3n de informaci\u00f3n a trav\u00e9s de una b\u00fasqueda de transacciones en el generador de consultas de transacciones."
}
],
"id": "CVE-2023-45024",
"lastModified": "2024-11-21T08:26:14.663",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-11-03T05:15:30.687",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Release Notes"
],
"url": "https://docs.bestpractical.com/release-notes/rt/5.0.5"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://docs.bestpractical.com/release-notes/rt/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Release Notes"
],
"url": "https://docs.bestpractical.com/release-notes/rt/5.0.5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.bestpractical.com/release-notes/rt/index.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2023-41260
Vulnerability from fkie_nvd - Published: 2023-11-03 05:15 - Updated: 2025-11-04 20:16
Severity ?
Summary
Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Exposure in responses to mail-gateway REST API calls.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://docs.bestpractical.com/release-notes/rt/4.4.7 | Release Notes, Vendor Advisory | |
| cve@mitre.org | https://docs.bestpractical.com/release-notes/rt/5.0.5 | Release Notes, Vendor Advisory | |
| cve@mitre.org | https://docs.bestpractical.com/release-notes/rt/index.html | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.bestpractical.com/release-notes/rt/4.4.7 | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.bestpractical.com/release-notes/rt/5.0.5 | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.bestpractical.com/release-notes/rt/index.html | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2023/10/msg00046.html |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bestpractical | request_tracker | * | |
| bestpractical | request_tracker | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bestpractical:request_tracker:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5782F7D4-E17A-4BB3-8AEB-02CEAA4A5DEF",
"versionEndExcluding": "4.4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bestpractical:request_tracker:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BAE81C97-B149-415E-B44E-4ACB3669809C",
"versionEndExcluding": "5.0.5",
"versionStartIncluding": "5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Exposure in responses to mail-gateway REST API calls."
},
{
"lang": "es",
"value": "Best Practical Request Tracker (RT) anterior a 4.4.7 y 5.x anterior a 5.0.5 permite la exposici\u00f3n de informaci\u00f3n en respuestas a llamadas API REST de puerta de enlace de correo."
}
],
"id": "CVE-2023-41260",
"lastModified": "2025-11-04T20:16:46.070",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-03T05:15:29.537",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.bestpractical.com/release-notes/rt/4.4.7"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.bestpractical.com/release-notes/rt/5.0.5"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.bestpractical.com/release-notes/rt/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.bestpractical.com/release-notes/rt/4.4.7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.bestpractical.com/release-notes/rt/5.0.5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.bestpractical.com/release-notes/rt/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00046.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2023-41259
Vulnerability from fkie_nvd - Published: 2023-11-03 05:15 - Updated: 2025-11-04 20:16
Severity ?
Summary
Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Disclosure via fake or spoofed RT email headers in an email message or a mail-gateway REST API call.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://docs.bestpractical.com/release-notes/rt/4.4.7 | Release Notes, Vendor Advisory | |
| cve@mitre.org | https://docs.bestpractical.com/release-notes/rt/5.0.5 | Release Notes, Vendor Advisory | |
| cve@mitre.org | https://docs.bestpractical.com/release-notes/rt/index.html | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.bestpractical.com/release-notes/rt/4.4.7 | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.bestpractical.com/release-notes/rt/5.0.5 | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.bestpractical.com/release-notes/rt/index.html | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2023/10/msg00046.html |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bestpractical | request_tracker | * | |
| bestpractical | request_tracker | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bestpractical:request_tracker:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5782F7D4-E17A-4BB3-8AEB-02CEAA4A5DEF",
"versionEndExcluding": "4.4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bestpractical:request_tracker:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BAE81C97-B149-415E-B44E-4ACB3669809C",
"versionEndExcluding": "5.0.5",
"versionStartIncluding": "5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Disclosure via fake or spoofed RT email headers in an email message or a mail-gateway REST API call."
},
{
"lang": "es",
"value": "Best Practical Request Tracker (RT) anterior a 4.4.7 y 5.x anterior a 5.0.5 permite la divulgaci\u00f3n de informaci\u00f3n a trav\u00e9s de encabezados de correo electr\u00f3nico RT falsos o falsificados en un mensaje de correo electr\u00f3nico o una llamada API REST de puerta de enlace de correo."
}
],
"id": "CVE-2023-41259",
"lastModified": "2025-11-04T20:16:45.920",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-03T05:15:29.490",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.bestpractical.com/release-notes/rt/4.4.7"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.bestpractical.com/release-notes/rt/5.0.5"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.bestpractical.com/release-notes/rt/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.bestpractical.com/release-notes/rt/4.4.7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.bestpractical.com/release-notes/rt/5.0.5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.bestpractical.com/release-notes/rt/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00046.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2022-25802
Vulnerability from fkie_nvd - Published: 2022-07-14 12:15 - Updated: 2024-11-21 06:53
Severity ?
Summary
Best Practical Request Tracker (RT) before 4.4.6 and 5.x before 5.0.3 allows XSS via a crafted content type for an attachment.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://docs.bestpractical.com/release-notes/rt/4.4.6 | Patch, Release Notes, Vendor Advisory | |
| cve@mitre.org | https://docs.bestpractical.com/release-notes/rt/5.0.3 | Patch, Release Notes, Vendor Advisory | |
| cve@mitre.org | https://docs.bestpractical.com/release-notes/rt/index.html | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.bestpractical.com/release-notes/rt/4.4.6 | Patch, Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.bestpractical.com/release-notes/rt/5.0.3 | Patch, Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.bestpractical.com/release-notes/rt/index.html | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bestpractical | request_tracker | * | |
| bestpractical | request_tracker | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bestpractical:request_tracker:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4A1DBD1F-2252-4295-BABD-661FBDCB9E55",
"versionEndExcluding": "4.4.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bestpractical:request_tracker:*:*:*:*:*:*:*:*",
"matchCriteriaId": "253BA797-BE23-4CE0-A08B-21D731F1D2F0",
"versionEndExcluding": "5.0.3",
"versionStartIncluding": "5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Best Practical Request Tracker (RT) before 4.4.6 and 5.x before 5.0.3 allows XSS via a crafted content type for an attachment."
},
{
"lang": "es",
"value": "Best Practical Request Tracker (RT) versiones anteriores a 4.4.6 y versiones 5.x anteriores a 5.0.3 permite un ataque de tipo XSS por medio de un tipo de contenido dise\u00f1ado para un adjunto"
}
],
"id": "CVE-2022-25802",
"lastModified": "2024-11-21T06:53:01.680",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-14T12:15:11.507",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.bestpractical.com/release-notes/rt/4.4.6"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.bestpractical.com/release-notes/rt/5.0.3"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.bestpractical.com/release-notes/rt/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.bestpractical.com/release-notes/rt/4.4.6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.bestpractical.com/release-notes/rt/5.0.3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.bestpractical.com/release-notes/rt/index.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-25803
Vulnerability from fkie_nvd - Published: 2022-07-14 12:15 - Updated: 2024-11-21 06:53
Severity ?
Summary
Best Practical Request Tracker (RT) before 5.0.3 has an Open Redirect via a ticket search.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://docs.bestpractical.com/release-notes/rt/5.0.3 | Patch, Release Notes, Vendor Advisory | |
| cve@mitre.org | https://docs.bestpractical.com/release-notes/rt/index.html | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.bestpractical.com/release-notes/rt/5.0.3 | Patch, Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.bestpractical.com/release-notes/rt/index.html | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bestpractical | request_tracker | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bestpractical:request_tracker:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DF0DBE03-5EF5-4B52-99B2-6D07FC59EB7C",
"versionEndExcluding": "5.0.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Best Practical Request Tracker (RT) before 5.0.3 has an Open Redirect via a ticket search."
},
{
"lang": "es",
"value": "Best Practical Request Tracker (RT) versiones anteriores a 5.0.3, presenta un Redireccionamiento Abierto por medio de una b\u00fasqueda de tickets"
}
],
"id": "CVE-2022-25803",
"lastModified": "2024-11-21T06:53:01.823",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-14T12:15:11.553",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.bestpractical.com/release-notes/rt/5.0.3"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.bestpractical.com/release-notes/rt/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.bestpractical.com/release-notes/rt/5.0.3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.bestpractical.com/release-notes/rt/index.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-601"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-38562
Vulnerability from fkie_nvd - Published: 2021-10-18 09:15 - Updated: 2024-11-21 06:17
Severity ?
Summary
Best Practical Request Tracker (RT) 4.2 before 4.2.17, 4.4 before 4.4.5, and 5.0 before 5.0.2 allows sensitive information disclosure via a timing attack against lib/RT/REST2/Middleware/Auth.pm.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bestpractical | request_tracker | * | |
| bestpractical | request_tracker | * | |
| bestpractical | request_tracker | * | |
| fedoraproject | fedora | 35 | |
| debian | debian_linux | 9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bestpractical:request_tracker:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7D08BAE0-181B-46A0-B8B4-311B8E6C550E",
"versionEndExcluding": "4.2.17",
"versionStartIncluding": "4.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bestpractical:request_tracker:*:*:*:*:*:*:*:*",
"matchCriteriaId": "35D6692C-6D84-4D03-B65F-5BBAFD439826",
"versionEndExcluding": "4.4.5",
"versionStartIncluding": "4.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bestpractical:request_tracker:*:*:*:*:*:*:*:*",
"matchCriteriaId": "861FFFAE-2644-474C-AD4F-2CC84F907869",
"versionEndExcluding": "5.0.2",
"versionStartIncluding": "5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Best Practical Request Tracker (RT) 4.2 before 4.2.17, 4.4 before 4.4.5, and 5.0 before 5.0.2 allows sensitive information disclosure via a timing attack against lib/RT/REST2/Middleware/Auth.pm."
},
{
"lang": "es",
"value": "Best Practical Request Tracker (RT) versiones 4.2 anteriores a 4.2.17, versiones 4.4 anteriores a 4.4.5, y versiones 5.0 anteriores a 5.0.2, permite una divulgaci\u00f3n de informaci\u00f3n confidencial por medio de un ataque de tiempo contra el archivo lib/RT/REST2/Middleware/Auth.pm"
}
],
"id": "CVE-2021-38562",
"lastModified": "2024-11-21T06:17:27.930",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-10-18T09:15:08.767",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://docs.bestpractical.com/release-notes/rt/index.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/bestpractical/rt/commit/70749bb66cb13dd70bd53340c371038a5f3ca57c"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00019.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2JK57CEEXLQF7MGBCUX76DZHXML7LUSQ/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://docs.bestpractical.com/release-notes/rt/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/bestpractical/rt/commit/70749bb66cb13dd70bd53340c371038a5f3ca57c"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00019.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2JK57CEEXLQF7MGBCUX76DZHXML7LUSQ/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-203"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-18898
Vulnerability from fkie_nvd - Published: 2019-03-21 16:00 - Updated: 2024-11-21 03:56
Severity ?
Summary
The email-ingestion feature in Best Practical Request Tracker 4.1.13 through 4.4 allows denial of service by remote attackers via an algorithmic complexity attack on email address parsing.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bestpractical | request_tracker | * | |
| fedoraproject | fedora | 28 | |
| fedoraproject | fedora | 29 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 18.04 | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 10.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bestpractical:request_tracker:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C1CB3EE6-1C20-478B-956D-E490BC90FC50",
"versionEndIncluding": "4.4.0",
"versionStartIncluding": "4.1.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*",
"matchCriteriaId": "DC1BD7B7-6D88-42B8-878E-F1318CA5FCAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
"matchCriteriaId": "D100F7CE-FC64-4CC6-852A-6136D72DA419",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The email-ingestion feature in Best Practical Request Tracker 4.1.13 through 4.4 allows denial of service by remote attackers via an algorithmic complexity attack on email address parsing."
},
{
"lang": "es",
"value": "La funcionalidad email-ingestion en Best Practical Request Tracker, desde la versi\u00f3n 4.1.3 hasta la 4.4 permite que los atacantes remotos provoquen una denegaci\u00f3n de servicio mediante un ataque de complejidad algor\u00edtmica en el an\u00e1lisis de direcciones de correo electr\u00f3nico."
}
],
"id": "CVE-2018-18898",
"lastModified": "2024-11-21T03:56:50.830",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-03-21T16:00:29.873",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Product",
"Release Notes"
],
"url": "https://bestpractical.com/download-page"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00009.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPJVDT77ZPRU5Z2BEMZM7EBY6WZHUATZ/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YR46PPHBEM76DNN4DEQMAYIKLCO3TQU2/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4517-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Release Notes"
],
"url": "https://bestpractical.com/download-page"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00009.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPJVDT77ZPRU5Z2BEMZM7EBY6WZHUATZ/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YR46PPHBEM76DNN4DEQMAYIKLCO3TQU2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4517-1/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2025-30087 (GCVE-0-2025-30087)
Vulnerability from cvelistv5 – Published: 2025-05-28 00:00 – Updated: 2025-11-03 19:46
VLAI?
Summary
Best Practical RT (Request Tracker) 4.4 through 4.4.7 and 5.0 through 5.0.7 allows XSS via injection of crafted parameters in a search URL.
Severity ?
7.2 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| bestpractical | RT |
Affected:
4.4.0 , < 4.4.8
(semver)
Affected: 5.0.0 , < 5.0.8 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-30087",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-28T18:00:11.113721Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-28T18:00:16.350Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:46:45.392Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00009.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "RT",
"vendor": "bestpractical",
"versions": [
{
"lessThan": "4.4.8",
"status": "affected",
"version": "4.4.0",
"versionType": "semver"
},
{
"lessThan": "5.0.8",
"status": "affected",
"version": "5.0.0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bestpractical:rt:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.4.8",
"versionStartIncluding": "4.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bestpractical:rt:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.0.8",
"versionStartIncluding": "5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Best Practical RT (Request Tracker) 4.4 through 4.4.7 and 5.0 through 5.0.7 allows XSS via injection of crafted parameters in a search URL."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-28T17:53:01.345Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://docs.bestpractical.com/release-notes/rt/index.html"
},
{
"url": "https://docs.bestpractical.com/release-notes/rt/5.0.8"
},
{
"url": "https://docs.bestpractical.com/release-notes/rt/4.4.8"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-30087",
"datePublished": "2025-05-28T00:00:00.000Z",
"dateReserved": "2025-03-16T00:00:00.000Z",
"dateUpdated": "2025-11-03T19:46:45.392Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-31500 (GCVE-0-2025-31500)
Vulnerability from cvelistv5 – Published: 2025-05-28 00:00 – Updated: 2025-05-28 17:59
VLAI?
Summary
Best Practical RT (Request Tracker) 5.0 through 5.0.7 allows XSS via JavaScript injection in an Asset name.
Severity ?
7.2 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| bestpractical | RT |
Affected:
5.0.0 , < 5.0.8
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-31500",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-28T17:59:42.444191Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-28T17:59:47.499Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "RT",
"vendor": "bestpractical",
"versions": [
{
"lessThan": "5.0.8",
"status": "affected",
"version": "5.0.0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bestpractical:rt:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.0.8",
"versionStartIncluding": "5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Best Practical RT (Request Tracker) 5.0 through 5.0.7 allows XSS via JavaScript injection in an Asset name."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-28T17:45:41.901Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://docs.bestpractical.com/release-notes/rt/index.html"
},
{
"url": "https://docs.bestpractical.com/release-notes/rt/5.0.8"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-31500",
"datePublished": "2025-05-28T00:00:00.000Z",
"dateReserved": "2025-03-28T00:00:00.000Z",
"dateUpdated": "2025-05-28T17:59:47.499Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-31501 (GCVE-0-2025-31501)
Vulnerability from cvelistv5 – Published: 2025-05-28 00:00 – Updated: 2025-05-28 17:59
VLAI?
Summary
Best Practical RT (Request Tracker) 5.0 through 5.0.7 allows XSS via JavaScript injection in an RT permalink.
Severity ?
7.2 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| bestpractical | RT |
Affected:
5.0.0 , < 5.0.8
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-31501",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-28T17:59:24.546058Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-28T17:59:29.685Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "RT",
"vendor": "bestpractical",
"versions": [
{
"lessThan": "5.0.8",
"status": "affected",
"version": "5.0.0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bestpractical:rt:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.0.8",
"versionStartIncluding": "5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Best Practical RT (Request Tracker) 5.0 through 5.0.7 allows XSS via JavaScript injection in an RT permalink."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-28T17:48:25.633Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://docs.bestpractical.com/release-notes/rt/index.html"
},
{
"url": "https://docs.bestpractical.com/release-notes/rt/5.0.8"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-31501",
"datePublished": "2025-05-28T00:00:00.000Z",
"dateReserved": "2025-03-28T00:00:00.000Z",
"dateUpdated": "2025-05-28T17:59:29.685Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-41260 (GCVE-0-2023-41260)
Vulnerability from cvelistv5 – Published: 2023-11-03 00:00 – Updated: 2025-11-04 19:21
VLAI?
Summary
Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Exposure in responses to mail-gateway REST API calls.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T19:21:06.955Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://docs.bestpractical.com/release-notes/rt/index.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.bestpractical.com/release-notes/rt/5.0.5"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.bestpractical.com/release-notes/rt/4.4.7"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00046.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:best_practical_solutions:request_tracker:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "request_tracker",
"vendor": "best_practical_solutions",
"versions": [
{
"lessThan": "4.4.7",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "5.0.5",
"status": "affected",
"version": "5x",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-41260",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-05T14:47:43.604407Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-05T14:51:22.702Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Exposure in responses to mail-gateway REST API calls."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-03T04:17:29.880Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://docs.bestpractical.com/release-notes/rt/index.html"
},
{
"url": "https://docs.bestpractical.com/release-notes/rt/5.0.5"
},
{
"url": "https://docs.bestpractical.com/release-notes/rt/4.4.7"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-41260",
"datePublished": "2023-11-03T00:00:00.000Z",
"dateReserved": "2023-08-25T00:00:00.000Z",
"dateUpdated": "2025-11-04T19:21:06.955Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-41259 (GCVE-0-2023-41259)
Vulnerability from cvelistv5 – Published: 2023-11-03 00:00 – Updated: 2025-11-04 19:21
VLAI?
Summary
Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Disclosure via fake or spoofed RT email headers in an email message or a mail-gateway REST API call.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T19:21:05.839Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://docs.bestpractical.com/release-notes/rt/index.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.bestpractical.com/release-notes/rt/5.0.5"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.bestpractical.com/release-notes/rt/4.4.7"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00046.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:best_practical_solutions:request_tracker:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "request_tracker",
"vendor": "best_practical_solutions",
"versions": [
{
"lessThan": "4.4.7",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "5.0.5",
"status": "affected",
"version": "5x",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-41259",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-05T14:52:22.819347Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-05T14:54:06.765Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Disclosure via fake or spoofed RT email headers in an email message or a mail-gateway REST API call."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-03T04:14:28.149Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://docs.bestpractical.com/release-notes/rt/index.html"
},
{
"url": "https://docs.bestpractical.com/release-notes/rt/5.0.5"
},
{
"url": "https://docs.bestpractical.com/release-notes/rt/4.4.7"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-41259",
"datePublished": "2023-11-03T00:00:00.000Z",
"dateReserved": "2023-08-25T00:00:00.000Z",
"dateUpdated": "2025-11-04T19:21:05.839Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-45024 (GCVE-0-2023-45024)
Vulnerability from cvelistv5 – Published: 2023-11-03 00:00 – Updated: 2024-09-06 14:00
VLAI?
Summary
Best Practical Request Tracker (RT) 5 before 5.0.5 allows Information Disclosure via a transaction search in the transaction query builder.
Severity ?
7.5 (High)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:14:19.288Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://docs.bestpractical.com/release-notes/rt/index.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.bestpractical.com/release-notes/rt/5.0.5"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-45024",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-06T14:00:24.225531Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T14:00:30.482Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Best Practical Request Tracker (RT) 5 before 5.0.5 allows Information Disclosure via a transaction search in the transaction query builder."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-03T04:19:31.617955",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://docs.bestpractical.com/release-notes/rt/index.html"
},
{
"url": "https://docs.bestpractical.com/release-notes/rt/5.0.5"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-45024",
"datePublished": "2023-11-03T00:00:00",
"dateReserved": "2023-10-03T00:00:00",
"dateUpdated": "2024-09-06T14:00:30.482Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-25803 (GCVE-0-2022-25803)
Vulnerability from cvelistv5 – Published: 2022-07-14 11:51 – Updated: 2024-08-03 04:49
VLAI?
Summary
Best Practical Request Tracker (RT) before 5.0.3 has an Open Redirect via a ticket search.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:49:43.287Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.bestpractical.com/release-notes/rt/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://docs.bestpractical.com/release-notes/rt/5.0.3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Best Practical Request Tracker (RT) before 5.0.3 has an Open Redirect via a ticket search."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-14T11:51:19",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.bestpractical.com/release-notes/rt/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://docs.bestpractical.com/release-notes/rt/5.0.3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-25803",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Best Practical Request Tracker (RT) before 5.0.3 has an Open Redirect via a ticket search."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.bestpractical.com/release-notes/rt/index.html",
"refsource": "MISC",
"url": "https://docs.bestpractical.com/release-notes/rt/index.html"
},
{
"name": "https://docs.bestpractical.com/release-notes/rt/5.0.3",
"refsource": "CONFIRM",
"url": "https://docs.bestpractical.com/release-notes/rt/5.0.3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-25803",
"datePublished": "2022-07-14T11:51:19",
"dateReserved": "2022-02-23T00:00:00",
"dateUpdated": "2024-08-03T04:49:43.287Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-25802 (GCVE-0-2022-25802)
Vulnerability from cvelistv5 – Published: 2022-07-14 11:49 – Updated: 2024-08-03 04:49
VLAI?
Summary
Best Practical Request Tracker (RT) before 4.4.6 and 5.x before 5.0.3 allows XSS via a crafted content type for an attachment.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:49:43.460Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.bestpractical.com/release-notes/rt/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://docs.bestpractical.com/release-notes/rt/4.4.6"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://docs.bestpractical.com/release-notes/rt/5.0.3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Best Practical Request Tracker (RT) before 4.4.6 and 5.x before 5.0.3 allows XSS via a crafted content type for an attachment."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-14T11:49:40",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.bestpractical.com/release-notes/rt/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://docs.bestpractical.com/release-notes/rt/4.4.6"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://docs.bestpractical.com/release-notes/rt/5.0.3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-25802",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Best Practical Request Tracker (RT) before 4.4.6 and 5.x before 5.0.3 allows XSS via a crafted content type for an attachment."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.bestpractical.com/release-notes/rt/index.html",
"refsource": "MISC",
"url": "https://docs.bestpractical.com/release-notes/rt/index.html"
},
{
"name": "https://docs.bestpractical.com/release-notes/rt/4.4.6",
"refsource": "CONFIRM",
"url": "https://docs.bestpractical.com/release-notes/rt/4.4.6"
},
{
"name": "https://docs.bestpractical.com/release-notes/rt/5.0.3",
"refsource": "CONFIRM",
"url": "https://docs.bestpractical.com/release-notes/rt/5.0.3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-25802",
"datePublished": "2022-07-14T11:49:40",
"dateReserved": "2022-02-23T00:00:00",
"dateUpdated": "2024-08-03T04:49:43.460Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-38562 (GCVE-0-2021-38562)
Vulnerability from cvelistv5 – Published: 2021-10-18 08:52 – Updated: 2024-08-04 01:44
VLAI?
Summary
Best Practical Request Tracker (RT) 4.2 before 4.2.17, 4.4 before 4.4.5, and 5.0 before 5.0.2 allows sensitive information disclosure via a timing attack against lib/RT/REST2/Middleware/Auth.pm.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:44:23.611Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.bestpractical.com/release-notes/rt/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/bestpractical/rt/commit/70749bb66cb13dd70bd53340c371038a5f3ca57c"
},
{
"name": "FEDORA-2021-825dd1879f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2JK57CEEXLQF7MGBCUX76DZHXML7LUSQ/"
},
{
"name": "[debian-lts-announce] 20220623 [SECURITY] [DLA 3057-1] request-tracker4 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00019.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Best Practical Request Tracker (RT) 4.2 before 4.2.17, 4.4 before 4.4.5, and 5.0 before 5.0.2 allows sensitive information disclosure via a timing attack against lib/RT/REST2/Middleware/Auth.pm."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-23T09:06:08",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.bestpractical.com/release-notes/rt/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/bestpractical/rt/commit/70749bb66cb13dd70bd53340c371038a5f3ca57c"
},
{
"name": "FEDORA-2021-825dd1879f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2JK57CEEXLQF7MGBCUX76DZHXML7LUSQ/"
},
{
"name": "[debian-lts-announce] 20220623 [SECURITY] [DLA 3057-1] request-tracker4 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00019.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-38562",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Best Practical Request Tracker (RT) 4.2 before 4.2.17, 4.4 before 4.4.5, and 5.0 before 5.0.2 allows sensitive information disclosure via a timing attack against lib/RT/REST2/Middleware/Auth.pm."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.bestpractical.com/release-notes/rt/index.html",
"refsource": "MISC",
"url": "https://docs.bestpractical.com/release-notes/rt/index.html"
},
{
"name": "https://github.com/bestpractical/rt/commit/70749bb66cb13dd70bd53340c371038a5f3ca57c",
"refsource": "CONFIRM",
"url": "https://github.com/bestpractical/rt/commit/70749bb66cb13dd70bd53340c371038a5f3ca57c"
},
{
"name": "FEDORA-2021-825dd1879f",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2JK57CEEXLQF7MGBCUX76DZHXML7LUSQ/"
},
{
"name": "[debian-lts-announce] 20220623 [SECURITY] [DLA 3057-1] request-tracker4 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00019.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-38562",
"datePublished": "2021-10-18T08:52:58",
"dateReserved": "2021-08-11T00:00:00",
"dateUpdated": "2024-08-04T01:44:23.611Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-18898 (GCVE-0-2018-18898)
Vulnerability from cvelistv5 – Published: 2019-03-17 21:16 – Updated: 2024-08-05 11:23
VLAI?
Summary
The email-ingestion feature in Best Practical Request Tracker 4.1.13 through 4.4 allows denial of service by remote attackers via an algorithmic complexity attack on email address parsing.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:23:08.241Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2019-73cbc02e14",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPJVDT77ZPRU5Z2BEMZM7EBY6WZHUATZ/"
},
{
"name": "FEDORA-2019-ef5551fcff",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YR46PPHBEM76DNN4DEQMAYIKLCO3TQU2/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bestpractical.com/download-page"
},
{
"name": "[debian-lts-announce] 20200212 [SECURITY] [DLA 2101-1] libemail-address-list-perl security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00009.html"
},
{
"name": "USN-4517-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4517-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The email-ingestion feature in Best Practical Request Tracker 4.1.13 through 4.4 allows denial of service by remote attackers via an algorithmic complexity attack on email address parsing."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-22T14:06:11",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "FEDORA-2019-73cbc02e14",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPJVDT77ZPRU5Z2BEMZM7EBY6WZHUATZ/"
},
{
"name": "FEDORA-2019-ef5551fcff",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YR46PPHBEM76DNN4DEQMAYIKLCO3TQU2/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bestpractical.com/download-page"
},
{
"name": "[debian-lts-announce] 20200212 [SECURITY] [DLA 2101-1] libemail-address-list-perl security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00009.html"
},
{
"name": "USN-4517-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4517-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18898",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The email-ingestion feature in Best Practical Request Tracker 4.1.13 through 4.4 allows denial of service by remote attackers via an algorithmic complexity attack on email address parsing."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2019-73cbc02e14",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CPJVDT77ZPRU5Z2BEMZM7EBY6WZHUATZ/"
},
{
"name": "FEDORA-2019-ef5551fcff",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YR46PPHBEM76DNN4DEQMAYIKLCO3TQU2/"
},
{
"name": "https://bestpractical.com/download-page",
"refsource": "CONFIRM",
"url": "https://bestpractical.com/download-page"
},
{
"name": "[debian-lts-announce] 20200212 [SECURITY] [DLA 2101-1] libemail-address-list-perl security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00009.html"
},
{
"name": "USN-4517-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4517-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-18898",
"datePublished": "2019-03-17T21:16:19",
"dateReserved": "2018-11-02T00:00:00",
"dateUpdated": "2024-08-05T11:23:08.241Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-30087 (GCVE-0-2025-30087)
Vulnerability from nvd – Published: 2025-05-28 00:00 – Updated: 2025-11-03 19:46
VLAI?
Summary
Best Practical RT (Request Tracker) 4.4 through 4.4.7 and 5.0 through 5.0.7 allows XSS via injection of crafted parameters in a search URL.
Severity ?
7.2 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| bestpractical | RT |
Affected:
4.4.0 , < 4.4.8
(semver)
Affected: 5.0.0 , < 5.0.8 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-30087",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-28T18:00:11.113721Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-28T18:00:16.350Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:46:45.392Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00009.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "RT",
"vendor": "bestpractical",
"versions": [
{
"lessThan": "4.4.8",
"status": "affected",
"version": "4.4.0",
"versionType": "semver"
},
{
"lessThan": "5.0.8",
"status": "affected",
"version": "5.0.0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bestpractical:rt:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.4.8",
"versionStartIncluding": "4.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bestpractical:rt:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.0.8",
"versionStartIncluding": "5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Best Practical RT (Request Tracker) 4.4 through 4.4.7 and 5.0 through 5.0.7 allows XSS via injection of crafted parameters in a search URL."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-28T17:53:01.345Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://docs.bestpractical.com/release-notes/rt/index.html"
},
{
"url": "https://docs.bestpractical.com/release-notes/rt/5.0.8"
},
{
"url": "https://docs.bestpractical.com/release-notes/rt/4.4.8"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-30087",
"datePublished": "2025-05-28T00:00:00.000Z",
"dateReserved": "2025-03-16T00:00:00.000Z",
"dateUpdated": "2025-11-03T19:46:45.392Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-31500 (GCVE-0-2025-31500)
Vulnerability from nvd – Published: 2025-05-28 00:00 – Updated: 2025-05-28 17:59
VLAI?
Summary
Best Practical RT (Request Tracker) 5.0 through 5.0.7 allows XSS via JavaScript injection in an Asset name.
Severity ?
7.2 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| bestpractical | RT |
Affected:
5.0.0 , < 5.0.8
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-31500",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-28T17:59:42.444191Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-28T17:59:47.499Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "RT",
"vendor": "bestpractical",
"versions": [
{
"lessThan": "5.0.8",
"status": "affected",
"version": "5.0.0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bestpractical:rt:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.0.8",
"versionStartIncluding": "5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Best Practical RT (Request Tracker) 5.0 through 5.0.7 allows XSS via JavaScript injection in an Asset name."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-28T17:45:41.901Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://docs.bestpractical.com/release-notes/rt/index.html"
},
{
"url": "https://docs.bestpractical.com/release-notes/rt/5.0.8"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-31500",
"datePublished": "2025-05-28T00:00:00.000Z",
"dateReserved": "2025-03-28T00:00:00.000Z",
"dateUpdated": "2025-05-28T17:59:47.499Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-31501 (GCVE-0-2025-31501)
Vulnerability from nvd – Published: 2025-05-28 00:00 – Updated: 2025-05-28 17:59
VLAI?
Summary
Best Practical RT (Request Tracker) 5.0 through 5.0.7 allows XSS via JavaScript injection in an RT permalink.
Severity ?
7.2 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| bestpractical | RT |
Affected:
5.0.0 , < 5.0.8
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-31501",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-28T17:59:24.546058Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-28T17:59:29.685Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "RT",
"vendor": "bestpractical",
"versions": [
{
"lessThan": "5.0.8",
"status": "affected",
"version": "5.0.0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bestpractical:rt:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.0.8",
"versionStartIncluding": "5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Best Practical RT (Request Tracker) 5.0 through 5.0.7 allows XSS via JavaScript injection in an RT permalink."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-28T17:48:25.633Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://docs.bestpractical.com/release-notes/rt/index.html"
},
{
"url": "https://docs.bestpractical.com/release-notes/rt/5.0.8"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-31501",
"datePublished": "2025-05-28T00:00:00.000Z",
"dateReserved": "2025-03-28T00:00:00.000Z",
"dateUpdated": "2025-05-28T17:59:29.685Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-41260 (GCVE-0-2023-41260)
Vulnerability from nvd – Published: 2023-11-03 00:00 – Updated: 2025-11-04 19:21
VLAI?
Summary
Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Exposure in responses to mail-gateway REST API calls.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T19:21:06.955Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://docs.bestpractical.com/release-notes/rt/index.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.bestpractical.com/release-notes/rt/5.0.5"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.bestpractical.com/release-notes/rt/4.4.7"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00046.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:best_practical_solutions:request_tracker:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "request_tracker",
"vendor": "best_practical_solutions",
"versions": [
{
"lessThan": "4.4.7",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "5.0.5",
"status": "affected",
"version": "5x",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-41260",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-05T14:47:43.604407Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-05T14:51:22.702Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Exposure in responses to mail-gateway REST API calls."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-03T04:17:29.880Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://docs.bestpractical.com/release-notes/rt/index.html"
},
{
"url": "https://docs.bestpractical.com/release-notes/rt/5.0.5"
},
{
"url": "https://docs.bestpractical.com/release-notes/rt/4.4.7"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-41260",
"datePublished": "2023-11-03T00:00:00.000Z",
"dateReserved": "2023-08-25T00:00:00.000Z",
"dateUpdated": "2025-11-04T19:21:06.955Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-41259 (GCVE-0-2023-41259)
Vulnerability from nvd – Published: 2023-11-03 00:00 – Updated: 2025-11-04 19:21
VLAI?
Summary
Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Disclosure via fake or spoofed RT email headers in an email message or a mail-gateway REST API call.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T19:21:05.839Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://docs.bestpractical.com/release-notes/rt/index.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.bestpractical.com/release-notes/rt/5.0.5"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.bestpractical.com/release-notes/rt/4.4.7"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00046.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:best_practical_solutions:request_tracker:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "request_tracker",
"vendor": "best_practical_solutions",
"versions": [
{
"lessThan": "4.4.7",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "5.0.5",
"status": "affected",
"version": "5x",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-41259",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-05T14:52:22.819347Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-05T14:54:06.765Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Disclosure via fake or spoofed RT email headers in an email message or a mail-gateway REST API call."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-03T04:14:28.149Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://docs.bestpractical.com/release-notes/rt/index.html"
},
{
"url": "https://docs.bestpractical.com/release-notes/rt/5.0.5"
},
{
"url": "https://docs.bestpractical.com/release-notes/rt/4.4.7"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-41259",
"datePublished": "2023-11-03T00:00:00.000Z",
"dateReserved": "2023-08-25T00:00:00.000Z",
"dateUpdated": "2025-11-04T19:21:05.839Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-45024 (GCVE-0-2023-45024)
Vulnerability from nvd – Published: 2023-11-03 00:00 – Updated: 2024-09-06 14:00
VLAI?
Summary
Best Practical Request Tracker (RT) 5 before 5.0.5 allows Information Disclosure via a transaction search in the transaction query builder.
Severity ?
7.5 (High)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:14:19.288Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://docs.bestpractical.com/release-notes/rt/index.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.bestpractical.com/release-notes/rt/5.0.5"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-45024",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-06T14:00:24.225531Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T14:00:30.482Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Best Practical Request Tracker (RT) 5 before 5.0.5 allows Information Disclosure via a transaction search in the transaction query builder."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-03T04:19:31.617955",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://docs.bestpractical.com/release-notes/rt/index.html"
},
{
"url": "https://docs.bestpractical.com/release-notes/rt/5.0.5"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-45024",
"datePublished": "2023-11-03T00:00:00",
"dateReserved": "2023-10-03T00:00:00",
"dateUpdated": "2024-09-06T14:00:30.482Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-25803 (GCVE-0-2022-25803)
Vulnerability from nvd – Published: 2022-07-14 11:51 – Updated: 2024-08-03 04:49
VLAI?
Summary
Best Practical Request Tracker (RT) before 5.0.3 has an Open Redirect via a ticket search.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:49:43.287Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.bestpractical.com/release-notes/rt/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://docs.bestpractical.com/release-notes/rt/5.0.3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Best Practical Request Tracker (RT) before 5.0.3 has an Open Redirect via a ticket search."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-14T11:51:19",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.bestpractical.com/release-notes/rt/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://docs.bestpractical.com/release-notes/rt/5.0.3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-25803",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Best Practical Request Tracker (RT) before 5.0.3 has an Open Redirect via a ticket search."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.bestpractical.com/release-notes/rt/index.html",
"refsource": "MISC",
"url": "https://docs.bestpractical.com/release-notes/rt/index.html"
},
{
"name": "https://docs.bestpractical.com/release-notes/rt/5.0.3",
"refsource": "CONFIRM",
"url": "https://docs.bestpractical.com/release-notes/rt/5.0.3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-25803",
"datePublished": "2022-07-14T11:51:19",
"dateReserved": "2022-02-23T00:00:00",
"dateUpdated": "2024-08-03T04:49:43.287Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-25802 (GCVE-0-2022-25802)
Vulnerability from nvd – Published: 2022-07-14 11:49 – Updated: 2024-08-03 04:49
VLAI?
Summary
Best Practical Request Tracker (RT) before 4.4.6 and 5.x before 5.0.3 allows XSS via a crafted content type for an attachment.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:49:43.460Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.bestpractical.com/release-notes/rt/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://docs.bestpractical.com/release-notes/rt/4.4.6"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://docs.bestpractical.com/release-notes/rt/5.0.3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Best Practical Request Tracker (RT) before 4.4.6 and 5.x before 5.0.3 allows XSS via a crafted content type for an attachment."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-14T11:49:40",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.bestpractical.com/release-notes/rt/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://docs.bestpractical.com/release-notes/rt/4.4.6"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://docs.bestpractical.com/release-notes/rt/5.0.3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-25802",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Best Practical Request Tracker (RT) before 4.4.6 and 5.x before 5.0.3 allows XSS via a crafted content type for an attachment."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.bestpractical.com/release-notes/rt/index.html",
"refsource": "MISC",
"url": "https://docs.bestpractical.com/release-notes/rt/index.html"
},
{
"name": "https://docs.bestpractical.com/release-notes/rt/4.4.6",
"refsource": "CONFIRM",
"url": "https://docs.bestpractical.com/release-notes/rt/4.4.6"
},
{
"name": "https://docs.bestpractical.com/release-notes/rt/5.0.3",
"refsource": "CONFIRM",
"url": "https://docs.bestpractical.com/release-notes/rt/5.0.3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-25802",
"datePublished": "2022-07-14T11:49:40",
"dateReserved": "2022-02-23T00:00:00",
"dateUpdated": "2024-08-03T04:49:43.460Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-38562 (GCVE-0-2021-38562)
Vulnerability from nvd – Published: 2021-10-18 08:52 – Updated: 2024-08-04 01:44
VLAI?
Summary
Best Practical Request Tracker (RT) 4.2 before 4.2.17, 4.4 before 4.4.5, and 5.0 before 5.0.2 allows sensitive information disclosure via a timing attack against lib/RT/REST2/Middleware/Auth.pm.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:44:23.611Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.bestpractical.com/release-notes/rt/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/bestpractical/rt/commit/70749bb66cb13dd70bd53340c371038a5f3ca57c"
},
{
"name": "FEDORA-2021-825dd1879f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2JK57CEEXLQF7MGBCUX76DZHXML7LUSQ/"
},
{
"name": "[debian-lts-announce] 20220623 [SECURITY] [DLA 3057-1] request-tracker4 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00019.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Best Practical Request Tracker (RT) 4.2 before 4.2.17, 4.4 before 4.4.5, and 5.0 before 5.0.2 allows sensitive information disclosure via a timing attack against lib/RT/REST2/Middleware/Auth.pm."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-23T09:06:08",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.bestpractical.com/release-notes/rt/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/bestpractical/rt/commit/70749bb66cb13dd70bd53340c371038a5f3ca57c"
},
{
"name": "FEDORA-2021-825dd1879f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2JK57CEEXLQF7MGBCUX76DZHXML7LUSQ/"
},
{
"name": "[debian-lts-announce] 20220623 [SECURITY] [DLA 3057-1] request-tracker4 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00019.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-38562",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Best Practical Request Tracker (RT) 4.2 before 4.2.17, 4.4 before 4.4.5, and 5.0 before 5.0.2 allows sensitive information disclosure via a timing attack against lib/RT/REST2/Middleware/Auth.pm."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.bestpractical.com/release-notes/rt/index.html",
"refsource": "MISC",
"url": "https://docs.bestpractical.com/release-notes/rt/index.html"
},
{
"name": "https://github.com/bestpractical/rt/commit/70749bb66cb13dd70bd53340c371038a5f3ca57c",
"refsource": "CONFIRM",
"url": "https://github.com/bestpractical/rt/commit/70749bb66cb13dd70bd53340c371038a5f3ca57c"
},
{
"name": "FEDORA-2021-825dd1879f",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2JK57CEEXLQF7MGBCUX76DZHXML7LUSQ/"
},
{
"name": "[debian-lts-announce] 20220623 [SECURITY] [DLA 3057-1] request-tracker4 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00019.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-38562",
"datePublished": "2021-10-18T08:52:58",
"dateReserved": "2021-08-11T00:00:00",
"dateUpdated": "2024-08-04T01:44:23.611Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-18898 (GCVE-0-2018-18898)
Vulnerability from nvd – Published: 2019-03-17 21:16 – Updated: 2024-08-05 11:23
VLAI?
Summary
The email-ingestion feature in Best Practical Request Tracker 4.1.13 through 4.4 allows denial of service by remote attackers via an algorithmic complexity attack on email address parsing.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:23:08.241Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2019-73cbc02e14",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPJVDT77ZPRU5Z2BEMZM7EBY6WZHUATZ/"
},
{
"name": "FEDORA-2019-ef5551fcff",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YR46PPHBEM76DNN4DEQMAYIKLCO3TQU2/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bestpractical.com/download-page"
},
{
"name": "[debian-lts-announce] 20200212 [SECURITY] [DLA 2101-1] libemail-address-list-perl security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00009.html"
},
{
"name": "USN-4517-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4517-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The email-ingestion feature in Best Practical Request Tracker 4.1.13 through 4.4 allows denial of service by remote attackers via an algorithmic complexity attack on email address parsing."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-22T14:06:11",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "FEDORA-2019-73cbc02e14",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPJVDT77ZPRU5Z2BEMZM7EBY6WZHUATZ/"
},
{
"name": "FEDORA-2019-ef5551fcff",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YR46PPHBEM76DNN4DEQMAYIKLCO3TQU2/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bestpractical.com/download-page"
},
{
"name": "[debian-lts-announce] 20200212 [SECURITY] [DLA 2101-1] libemail-address-list-perl security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00009.html"
},
{
"name": "USN-4517-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4517-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18898",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The email-ingestion feature in Best Practical Request Tracker 4.1.13 through 4.4 allows denial of service by remote attackers via an algorithmic complexity attack on email address parsing."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2019-73cbc02e14",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CPJVDT77ZPRU5Z2BEMZM7EBY6WZHUATZ/"
},
{
"name": "FEDORA-2019-ef5551fcff",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YR46PPHBEM76DNN4DEQMAYIKLCO3TQU2/"
},
{
"name": "https://bestpractical.com/download-page",
"refsource": "CONFIRM",
"url": "https://bestpractical.com/download-page"
},
{
"name": "[debian-lts-announce] 20200212 [SECURITY] [DLA 2101-1] libemail-address-list-perl security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00009.html"
},
{
"name": "USN-4517-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4517-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-18898",
"datePublished": "2019-03-17T21:16:19",
"dateReserved": "2018-11-02T00:00:00",
"dateUpdated": "2024-08-05T11:23:08.241Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}