CVE-2024-3262

Information exposure vulnerability in Request Tracker (RT)

CVSS 5.5 MEDIUMEPSS 0.3%CWE-200

Information exposure vulnerability in RT software affecting version 4.4.1. This vulnerability allows an attacker with local access to the device to retrieve sensitive information about the application, such as vulnerability tickets, because the application stores the information in the browser cache, leading to information exposure despite session termination.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected products

Best Practical Solutions · Request Tracker

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://lists.debian.org/debian-lts-announce/2025/05/msg00009.html https://www.incibe.es/incibe-cert/alerta-temprana/avisos/vulnerabilidad-de-exposicion-de-informacion-en-request-tracker-rt