CVE-2023-41259 Affecting request-tracker4 package, versions <4.4.6+dfsg-1.1+deb12u1
Threat Intelligence
EPSS
0.06% (29th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-DEBIAN12-REQUESTTRACKER4-6016073
- published 20 Oct 2023
- disclosed 3 Nov 2023
Introduced: 20 Oct 2023
CVE-2023-41259 Open this link in a new tabHow to fix?
Upgrade Debian:12 request-tracker4 to version 4.4.6+dfsg-1.1+deb12u1 or higher.
NVD Description
Note: Versions mentioned in the description apply only to the upstream request-tracker4 package and not the request-tracker4 package as distributed by Debian.
See How to fix? for Debian:12 relevant fixed versions and status.
Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Disclosure via fake or spoofed RT email headers in an email message or a mail-gateway REST API call.
CVSS Scores
version 3.1