CVE-2023-41259

Name
CVE-2023-41259
Description
Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Disclosure via fake or spoofed RT email headers in an email message or a mail-gateway REST API call.
NVD Severity
medium

References

| Type | URI |
|---|---|
| MISC | https://docs.bestpractical.com/release-notes/rt/index.html |
| CONFIRM | https://docs.bestpractical.com/release-notes/rt/4.4.7 |
| CONFIRM | https://docs.bestpractical.com/release-notes/rt/5.0.5 |

Match rules

| CPE URI | Source package | Min version | Max version |
|---|---|---|---|
| `cpe:2.3:a:bestpractical:request_tracker:*:*:*:*:*:*:*:*` | request_tracker | >= None | < 4.4.7 |
| `cpe:2.3:a:bestpractical:request_tracker:*:*:*:*:*:*:*:*` | request_tracker | >= 5.0.0 | < 5.0.5 |

Vulnerable and fixed packages

| Source package | Branch | Version | Maintainer | Status |
|---|---|---|---|---|
| rt4 | edge-community | 4.4.7-r0 | Natanael Copa <ncopa@alpinelinux.org> | fixed |
| rt4 | 3.20-community | 4.4.7-r0 | Natanael Copa <ncopa@alpinelinux.org> | fixed |