DSA-5541-1 request-tracker5 – security update

Read Time:31 Second

Multiple vulnerabilities have been discovered in Request Tracker, an
extensible trouble-ticket tracking system.

CVE-2023-41259

Tom Wolters reported that Request Tracker is vulnerable to accepting
unvalidated RT email headers in incoming email and the mail-gateway
REST interface.

CVE-2023-41260

Tom Wolters reported that Request Tracker is vulnerable to
information leakage via response messages returned from requests
sent via the mail-gateway REST interface.

CVE-2023-45024

It was reported that Request Tracker is vulnerable to information
leakage via transaction searches made by authenticated users in the
transaction query builder.

https://security-tracker.debian.org/tracker/DSA-5541-1

Read More