Information Exposure in Best Practical Request Tracker Mail-Gateway API
CVE-2023-41260

7.5 HIGH

Key Information:

Vendor
CVE Published: 3 November 2023

What is CVE-2023-41260?

An information exposure vulnerability has been identified in Best Practical Request Tracker that affects the mail-gateway REST API. Versions prior to 4.4.7 and all 5.x versions before 5.0.5 are susceptible to leaking sensitive information in the responses to API calls. This could potentially allow unauthorized users to access confidential data, raising serious security concerns for organizations using the affected versions.

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
