pkg:Debian/request-tracker4

64 total CVEs: HIGH 10, MEDIUM 12, LOW 3

All known vulnerabilities

  • HIGH 8.8 CVE-2026-41075: RT is an open source, enterprise-grade issue and ticket tracking system.
    from 0
  • HIGH 8.8 CVE-2017-5944: The dashboard subscription interface in Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 might allow rem…
    from 0, < 4.4.1-4
  • HIGH 8.8 CVE-2017-5943: Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 allows remote attackers to obtain sensitive information…
    from 0, < 4.4.1-4
  • HIGH 8.1 CVE-2026-41076: RT is an open source, enterprise-grade issue and ticket tracking system.
    from 0
  • HIGH 7.5 CVE-2023-41260: Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Exposure in responses to mail-gateway REST API cal…
    from 0, < 4.4.4+dfsg-2+deb11u3
  • HIGH 7.5 CVE-2023-41259: request-tracker4 - security update
    from 0, < 4.4.4+dfsg-2+deb11u3
  • HIGH 7.5 CVE-2023-41259: request-tracker4 - security update
    from 0, < 4.4.3-2+deb10u3
  • HIGH 7.5 CVE-2021-38562: request-tracker4 - security update
    from 0, < 4.4.1-3+deb9u4
  • HIGH 7.5 CVE-2021-38562: request-tracker4 - security update
    from 0, < 4.4.4+dfsg-2+deb11u1
  • MEDIUM 6.1 CVE-2026-6841: Request Tracker is vulnerable to a reflected cross-site scripting (XSS) vulnerability via the "Page" parameter in GET requests.
    from 0
  • MEDIUM 6.1 CVE-2025-30087: Best Practical RT (Request Tracker) 4.4 through 4.4.7 and 5.0 through 5.0.7 allows XSS via injection of crafted parameters in a search URL.
    from 0, < 4.4.4+dfsg-2+deb11u4
  • MEDIUM 6.1 CVE-2022-25802: request-tracker4 - security update
    from 0, < 4.4.3-2+deb10u2
  • MEDIUM 6.1 CVE-2022-25802: request-tracker4 - security update
    from 0, < 4.4.4+dfsg-2+deb11u2
  • MEDIUM 6.1 CVE-2016-6127: request-tracker4 - security update
    from 0, < 4.4.1-4
  • MEDIUM 6.1 CVE-2016-6127: request-tracker4 - security update
    from 0, < 4.4.1-3+deb9u1
  • MEDIUM 6.1 CVE-2016-6127: request-tracker4 - security update
    from 0, < 4.0.7-5+deb7u5
  • MEDIUM 5.9 CVE-2017-5361: rt-authen-externalauth - security update
    from 0, < 4.4.1-4
  • MEDIUM 5.5 CVE-2024-3262: request-tracker4 - security update
    from 0, < 4.4.4+dfsg-2+deb11u4
  • MEDIUM 5.5 CVE-2024-3262: request-tracker4 - security update
    from 0, < 4.4.6+dfsg-1.1+deb12u2
  • MEDIUM 4.6 CVE-2026-41073: RT is an open source, enterprise-grade issue and ticket tracking system.
    from 0
  • LOW 2.6 CVE-2025-61873: request-tracker4 - security update
    from 0, < 4.4.6+dfsg-1.1+deb12u3
  • LOW 2.6 CVE-2025-61873: request-tracker4 - security update
    from 0, < 4.4.4+dfsg-2+deb11u5
  • CVE-2026-44231: (no summary)
    from 0
  • CVE-2026-44229: (no summary)
    from 0
  • CVE-2026-44227: (no summary)
    from 0
  • CVE-2025-2545: Vulnerability in Best Practical Solutions, LLC's Request Tracker prior to v5.0.8, where the Triple DES (3DES) cryptographic algorithm is us…
    from 0, < 4.4.4+dfsg-2+deb11u4
  • CVE-2015-6506: Cross-site scripting (XSS) vulnerability in the cryptography interface in Request Tracker (RT) before 4.2.12 allows remote attackers to inj…
    from 0, < 4.2.11-2
  • CVE-2015-5475: request-tracker4 - security update
    from 0, < 4.0.7-5+deb7u4
  • CVE-2015-5475: request-tracker4 - security update
    from 0, < 4.2.11-2
  • CVE-2015-1464: RT (aka Request Tracker) before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to hijack sessions via an RSS feed URL.
    from 0, < 4.2.8-3
  • CVE-2015-1165: RT (aka Request Tracker) 3.8.8 through 4.x before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to obtain sensitive RSS feed URLs…
    from 0, < 4.2.8-3
  • CVE-2014-9472: request-tracker4 - security update
    from 0, < 4.0.7-5+deb7u3
  • CVE-2014-9472: request-tracker4 - security update
    from 0, < 4.2.8-3
  • CVE-2013-5587: Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 4.x before 4.0.13, when MakeClicky is configured, allows remote attackers…
    from 0, < 4.0.12-2
  • CVE-2013-3374: Unspecified vulnerability in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13, when using the Apache::Session::File session…
    from 0, < 4.0.12-2
  • CVE-2013-3373: CRLF injection vulnerability in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows remote attackers to inject arbitrar…
    from 0, < 4.0.12-2
  • CVE-2013-3372: Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows remote attackers to inject multiple Content-Disposition HTTP header…
    from 0, < 4.0.12-2
  • CVE-2013-3371: Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 3.8.3 through 3.8.16 and 4.0.x before 4.0.13 allows remote attackers to in…
    from 0, < 4.0.12-2
  • CVE-2013-3370: Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 does not properly restrict access to private callback components, which al…
    from 0, < 4.0.12-2
  • CVE-2013-3369: Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows remote authenticated users with the permissions to view the adminis…
    from 0, < 4.0.12-2
  • CVE-2013-3368: request-tracker3.8 - several
    from 0, < 4.0.12-2
  • CVE-2012-4733: request-tracker4 - several
    from 0, < 4.0.7-5+deb7u2
  • CVE-2012-4733: request-tracker4 - several
    from 0, < 4.0.12-2
  • CVE-2012-6581: Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, allows remote attackers to bypass intended r…
    from 0, < 4.0.7-2
  • CVE-2012-6580: Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, does not ensure that the UI labels unencrypt…
    from 0, < 4.0.7-2
  • CVE-2012-6579: Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, allows remote attackers to configure encrypt…
    from 0, < 4.0.7-2
  • CVE-2012-6578: Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled with a "Sign by default" queue configuration,…
    from 0, < 4.0.7-2
  • CVE-2012-4884: Argument injection vulnerability in Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote attackers to create arbit…
    from 0, < 4.0.7-2
  • CVE-2012-4734: Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote attackers to conduct a "confused deputy" attack to bypass the…
    from 0, < 4.0.7-2
  • CVE-2012-4732: Cross-site request forgery (CSRF) vulnerability in Request Tracker (RT) 3.8.12 and other versions before 3.8.15, and 4.0.6 and other versio…
    from 0, < 4.0.7-2
  • CVE-2012-4731: rtfm - privilege escalation
    from 0, < 4.0.7-2
  • CVE-2012-4730: request-tracker3.8 - several
    from 0, < 4.0.7-2
  • CVE-2012-2769: Multiple cross-site scripting (XSS) vulnerabilities in the topic administration page in the Extension::MobileUI extension before 1.02 for B…
    from 0, < 4.0.6-1
  • CVE-2012-2768: rtfm - cross-site scripting
    from 0, < 4.0.6-1
  • CVE-2011-4460: SQL injection vulnerability in Best Practical Solutions RT 2.x and 3.x before 3.8.12 and 4.x before 4.0.6 allows remote authenticated users…
    from 0, < 4.0.5-3
  • CVE-2011-4459: Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 does not properly disable groups, which allows remote authenticated user…
    from 0, < 4.0.5-3
  • CVE-2011-4458: Best Practical Solutions RT 3.6.x, 3.7.x, and 3.8.x before 3.8.12 and 4.x before 4.0.6, when the VERPPrefix and VERPDomain options are enab…
    from 0, < 4.0.5-3
  • CVE-2011-2085: Multiple cross-site request forgery (CSRF) vulnerabilities in Best Practical Solutions RT before 3.8.12 and 4.x before 4.0.6 allow remote a…
    from 0, < 4.0.5-3
  • CVE-2011-2084: Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 allows remote authenticated users to read (1) hashes of former passwords…
    from 0, < 4.0.5-3
  • CVE-2011-2083: Multiple cross-site scripting (XSS) vulnerabilities in Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 allow remote atta…
    from 0, < 4.0.5-3
  • CVE-2011-2082: request-tracker3.8 - several
    from 0, < 4.0.5-3