Information Disclosure Vulnerability in Best Practical Request Tracker
CVE-2023-41259

7.5 HIGH

Key Information:

Vendor
CVE Published: 3 November 2023

What is CVE-2023-41259?

Best Practical Request Tracker (RT) versions prior to 4.4.7 and 5.x before 5.0.5 are susceptible to an information disclosure vulnerability. This issue arises when attackers exploit fake or spoofed RT email headers in email messages or through mail-gateway REST API calls. Successful exploitation could lead to sensitive information being revealed, posing a potential risk to data integrity and confidentiality.

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
