Main Vulnerability Database Vulnerabilities #VU82258

Information disclosure in Request Tracker - CVE-2023-45024

Published: October 19, 2023

Vulnerability identifier: #VU82258

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2023-45024

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Best Practical Solutions

Affected software:
Request Tracker

Detailed vulnerability description

The vulnerability allows a remote user to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application via transaction searches made by
authenticated users in the transaction query builder. A remote user can gain unauthorized access to sensitive information on the system.

How to mitigate CVE-2023-45024

Install updates from vendor's website.

Sources

https://github.com/bestpractical/rt/releases/tag/rt-5.0.5

Information disclosure in Request Tracker - CVE-2023-45024

Detailed vulnerability description

How to mitigate CVE-2023-45024

Sources

Please verify you're human