CVE-2023-41259

Summary

CVE	CVE-2023-41259
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2023-11-03 05:15:00 UTC
Updated	2023-11-13 17:29:00 UTC
Description	Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Disclosure via fake or spoofed RT email headers in an email message or a mail-gateway REST API call.

Risk And Classification

Problem Types: NVD-CWE-noinfo

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Bestpractical	Request Tracker	All	All	All	All

References

Reference	Source	Link	Tags
RT 4.4.7 Release Notes - RT: Request Tracker - Best Practical	CONFIRM	docs.bestpractical.com
Documentation - Best Practical	MISC	docs.bestpractical.com
RT 5.0.5 Release Notes - RT: Request Tracker - Best Practical	CONFIRM	docs.bestpractical.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

199974 Ubuntu Security Notification for Request Tracker Vulnerabilities (USN-6529-1)
6000270 Debian Security Update for request-tracker4 (DLA 3642-1)
6000295 Debian Security Update for request-tracker5 (DSA 5541-1)
6000305 Debian Security Update for request-tracker4 (DSA 5542-1)
691335 Free Berkeley Software Distribution (FreeBSD) Security Update for request tracker (e14b9870-62a4-11ee-897b-000bab9f87f1)