Main Vulnerability Database Vulnerabilities #VU82258

#VU82258 Information disclosure in Request Tracker - CVE-2023-45024

Published: October 19, 2023

Vulnerability identifier: #VU82258

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2023-45024

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Request Tracker

Software vendor:
Best Practical Solutions

Description

The vulnerability allows a remote user to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application via transaction searches made by
authenticated users in the transaction query builder. A remote user can gain unauthorized access to sensitive information on the system.

Remediation

Install updates from vendor's website.

External links

https://github.com/bestpractical/rt/releases/tag/rt-5.0.5