Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Disclosure via fake or spoofed RT email headers in an email message or a mail-gateway REST API call.

The remote Ubuntu 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.04 / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6529-1 advisory.

  - Best Practical Request Tracker (RT) 4.2 before 4.2.17, 4.4 before 4.4.5, and 5.0 before 5.0.2 allows     sensitive information disclosure via a timing attack against lib/RT/REST2/Middleware/Auth.pm.
    (CVE-2021-38562)

  - Best Practical Request Tracker (RT) before 4.4.6 and 5.x before 5.0.3 allows XSS via a crafted content     type for an attachment. (CVE-2022-25802)

  - Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Disclosure via     fake or spoofed RT email headers in an email message or a mail-gateway REST API call. (CVE-2023-41259)

  - Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Exposure in     responses to mail-gateway REST API calls. (CVE-2023-41260)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3642 advisory.

  - Request Tracker reports: CVE-2023-41259 SECURITY: RT is vulnerable to unvalidated email headers in     incoming email and the mail-gateway REST interface. CVE-2023-41260 SECURITY: RT is vulnerable to     information leakage via response messages returned from requests sent via the mail-gateway REST interface.
    CVE-2023-45024 SECURITY: RT 5.0 is vulnerable to information leakage via transaction searches made by     authenticated users in the transaction query builder. (CVE-2023-41259, CVE-2023-41260)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5542 advisory.

  - Request Tracker reports: CVE-2023-41259 SECURITY: RT is vulnerable to unvalidated email headers in     incoming email and the mail-gateway REST interface. CVE-2023-41260 SECURITY: RT is vulnerable to     information leakage via response messages returned from requests sent via the mail-gateway REST interface.
    CVE-2023-45024 SECURITY: RT 5.0 is vulnerable to information leakage via transaction searches made by     authenticated users in the transaction query builder. (CVE-2023-41259, CVE-2023-41260)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5541 advisory.

  - Request Tracker reports: CVE-2023-41259 SECURITY: RT is vulnerable to unvalidated email headers in     incoming email and the mail-gateway REST interface. CVE-2023-41260 SECURITY: RT is vulnerable to     information leakage via response messages returned from requests sent via the mail-gateway REST interface.
    CVE-2023-45024 SECURITY: RT 5.0 is vulnerable to information leakage via transaction searches made by     authenticated users in the transaction query builder. (CVE-2023-41259, CVE-2023-41260, CVE-2023-45024)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the e14b9870-62a4-11ee-897b-000bab9f87f1 advisory.

  - Request Tracker reports: CVE-2023-41259 SECURITY: RT is vulnerable to unvalidated email headers in     incoming email and the mail-gateway REST interface. CVE-2023-41260 SECURITY: RT is vulnerable to     information leakage via response messages returned from requests sent via the mail-gateway REST interface.
    CVE-2023-45024 SECURITY: RT 5.0 is vulnerable to information leakage via transaction searches made by     authenticated users in the transaction query builder. (CVE-2023-41259, CVE-2023-41260, CVE-2023-45024)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
186541	Ubuntu 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.04 / 23.10 : Request Tracker vulnerabilities (USN-6529-1)	Nessus	Ubuntu Local Security Checks	high
184075	Debian DLA-3642-1 : request-tracker4 - LTS security update	Nessus	Debian Local Security Checks	high
184064	Debian DSA-5542-1 : request-tracker4 - security update	Nessus	Debian Local Security Checks	high
184062	Debian DSA-5541-1 : request-tracker5 - security update	Nessus	Debian Local Security Checks	high
183489	FreeBSD : Request Tracker -- multiple vulnerabilities (e14b9870-62a4-11ee-897b-000bab9f87f1)	Nessus	FreeBSD Local Security Checks	high

Detections

Analytics

CVE-2023-41259

high

Tenable Plugins

high

high

high

high

high