Information exposure vulnerability in RT software affecting version 4.4.1. This vulnerability allows an attacker with local access to the device to retrieve sensitive information about the application, such as vulnerability tickets, because the application stores the information in the browser cache, leading to information exposure despite session termination.

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7692-1 advisory.

    It was discovered that Request Tracker was susceptible to timing attacks. An attacker could possibly use     this issue to access sensitive information. This issue only affected Ubuntu 22.04 LTS. (CVE-2021-38562)

    It was discovered that Request Tracker was susceptible to cross-site scripting attacks when malicious     attachments were supplied. An attacker could possibly use this issue to execute arbitrary code. This issue     only affected Ubuntu 22.04 LTS. (CVE-2022-25802)

    It was discovered that Request Tracker would incorrectly redirect users in certain instances. An attacker     could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 22.04 LTS.
    (CVE-2022-25803)

    Tom Wolters discovered that Request Tracker could leak information when malicious email headers were     supplied. An attacker could possibly use this issue to access sensitive information. This issue only     affected Ubuntu 22.04 LTS. (CVE-2023-41259, CVE-2023-41260)

    It was discovered that Request Tracker could leak information through its transaction search. An attacker     with access to the transaction query builder of Request Tracker could possibly use this issue to access     sensitive information. This issue only affected Ubuntu 22.04 LTS. (CVE-2023-45024)

    It was discovered that Request Tracker erroneously stored ticket information in a web browser's cache. An     attacker with direct access to a system could possibly use this issue to access sensitive information.
    This issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2024-3262)

    It was discovered that Request Tracker made use of an obsolete cryptographic algorithm for emails sent     with S/MIME encryption. An attacker could possibly use this issue to access sensitive information.
    (CVE-2025-2545)

    It was discovered that Request Tracker was susceptible to cross-site scripting attacks when malicious     parameters were included in a search URL. An attacker could possibly use this issue to execute arbitrary     code. (CVE-2025-30087)

    It was discovered that Request Tracker was susceptible to cross-site scripting attacks when malicious     permalinks or assets were provided. An attacker could possibly use this issue to execute arbitrary code.
    (CVE-2025-31500, CVE-2025-31501)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4157 advisory.

    -------------------------------------------------------------------------     Debian LTS Advisory DLA-4157-1                debian-lts@lists.debian.org     https://www.debian.org/lts/security/               Santiago Ruano Rincn     May 08, 2025                                  https://wiki.debian.org/LTS
    -------------------------------------------------------------------------

    Package        : request-tracker4     Version        : 4.4.4+dfsg-2+deb11u4     CVE ID         : CVE-2024-3262 CVE-2025-2545 CVE-2025-30087     Debian Bug     : 1068452 1104424

    Multiple vulnerabilities have been discovered in Request Tracker, an     extensible trouble-ticket tracking system, which could result in     information disclosure, cross-site scripting and use of weak encryption     for S/MIME emails.

    For Debian 11 bullseye, these problems have been fixed in version     4.4.4+dfsg-2+deb11u4.

    We recommend that you upgrade your request-tracker4 packages.

    For the detailed security status of request-tracker4 please refer to     its security tracker page at:
    https://security-tracker.debian.org/tracker/request-tracker4

    Further information about Debian LTS security advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://wiki.debian.org/LTS     Attachment:
    signature.asc     Description: PGP signature

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5911 advisory.

    - -------------------------------------------------------------------------     Debian Security Advisory DSA-5911-1                   security@debian.org     https://www.debian.org/security/                     Salvatore Bonaccorso     April 30, 2025                        https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package        : request-tracker4     CVE ID         : CVE-2024-3262 CVE-2025-2545 CVE-2025-30087     Debian Bug     : 1068452

    Multiple vulnerabilities have been discovered in Request Tracker, an     extensible trouble-ticket tracking system, which could result in     information disclosure, cross-site scripting and use of weak encryption     for S/MIME emails.

    For the stable distribution (bookworm), these problems have been fixed     in version 4.4.6+dfsg-1.1+deb12u2.

    We recommend that you upgrade your request-tracker4 packages.

    For the detailed security status of request-tracker4 please refer to its     security tracker page at:
    https://security-tracker.debian.org/tracker/request-tracker4

    Further information about Debian Security Advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5909 advisory.

    - -------------------------------------------------------------------------     Debian Security Advisory DSA-5909-1                   security@debian.org     https://www.debian.org/security/                     Salvatore Bonaccorso     April 30, 2025                        https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package        : request-tracker5     CVE ID         : CVE-2024-3262 CVE-2025-2545 CVE-2025-30087 CVE-2025-31500                      CVE-2025-31501     Debian Bug     : 1068453

    Multiple vulnerabilities have been discovered in Request Tracker, an     extensible trouble-ticket tracking system, which could result in     information disclosure, cross-site scripting and use of weak encryption     for S/MIME emails.

    For the stable distribution (bookworm), these problems have been fixed     in version 5.0.3+dfsg-3~deb12u3.

    We recommend that you upgrade your request-tracker5 packages.

    For the detailed security status of request-tracker5 please refer to its     security tracker page at:
    https://security-tracker.debian.org/tracker/request-tracker5

    Further information about Debian Security Advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - Information exposure vulnerability in RT software affecting version 4.4.1. This vulnerability allows an     attacker with local access to the device to retrieve sensitive information about the application, such as     vulnerability tickets, because the application stores the information in the browser cache, leading to     information exposure despite session termination. (CVE-2024-3262)

Note that Nessus relies on the presence of the package as reported by the vendor.

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 51498ee4-39a1-11ef-b609-002590c1f29c advisory.

    Request Tracker reports:
    CVE-2024-3262 describes previously viewed pages being stored in the             browser cache, which is the typical default behavior of most browsers to             enable the back button. Someone who gains access to a host computer could             potentially view ticket data using the back button, even after logging out             of RT. The CVE specifically references RT version 4.4.1, but this behavior             is present in most browsers viewing all versions of RT before 5.0.6.

Tenable has extracted the preceding description block directly from the FreeBSD security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
252276	Ubuntu 22.04 LTS / 24.04 LTS / 25.04 : Request Tracker vulnerabilities (USN-7692-1)	Nessus	Ubuntu Local Security Checks	low
235610	Debian dla-4157 : request-tracker4 - security update	Nessus	Debian Local Security Checks	low
235041	Debian dsa-5911 : request-tracker4 - security update	Nessus	Debian Local Security Checks	medium
235038	Debian dsa-5909 : request-tracker5 - security update	Nessus	Debian Local Security Checks	medium
227883	Linux Distros Unpatched Vulnerability : CVE-2024-3262	Nessus	Misc.	medium
201887	FreeBSD : Request Tracker -- information exposure vulnerability (51498ee4-39a1-11ef-b609-002590c1f29c)	Nessus	FreeBSD Local Security Checks	medium

Detections

Analytics

CVE-2024-3262

medium

Tenable Plugins

low

low

medium

medium

medium

medium