CVE-2024-3262
MEDIUM5.5EPSS 0.02%request-tracker4 - security update
發布日:2024/4/4修改日:2026/4/28
描述
Information exposure vulnerability in RT software affecting version 4.4.1. This vulnerability allows an attacker with local access to the device to retrieve sensitive information about the application, such as vulnerability tickets, because the application stores the information in the browser cache, leading to information exposure despite session termination.
受影響套件(5)
- Debian/request-tracker4from 0, < 4.4.4+dfsg-2+deb11u4
- Debian/request-tracker4from 0, < 4.4.4+dfsg-2+deb11u4
- Debian/request-tracker4from 0, < 4.4.6+dfsg-1.1+deb12u2
- Debian/request-tracker5from 0, < 5.0.3+dfsg-3~deb12u3
- Debian/request-tracker5from 0, < 5.0.3+dfsg-3~deb12u3
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM5.5 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |