CVE-2024-3262
MEDIUM5.5EPSS 0.02%request-tracker4 - security update
Published: 4/4/2024Modified: 4/28/2026
Description
Information exposure vulnerability in RT software affecting version 4.4.1. This vulnerability allows an attacker with local access to the device to retrieve sensitive information about the application, such as vulnerability tickets, because the application stores the information in the browser cache, leading to information exposure despite session termination.
Affected packages (5)
- Debian/request-tracker4from 0, < 4.4.4+dfsg-2+deb11u4
- Debian/request-tracker4from 0, < 4.4.4+dfsg-2+deb11u4
- Debian/request-tracker4from 0, < 4.4.6+dfsg-1.1+deb12u2
- Debian/request-tracker5from 0, < 5.0.3+dfsg-3~deb12u3
- Debian/request-tracker5from 0, < 5.0.3+dfsg-3~deb12u3
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM5.5 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |