CVE-2023-41259

Published: Nov 3, 2023Modified: Nov 4, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Disclosure via fake or spoofed RT email headers in an email message or a mail-gateway REST API call.

Affected (2)

Products: Bestpractical: Request Tracker

Bestpractical

1 product

Request Tracker

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Bestpractical Request Tracker	Before 4.4.7
Bestpractical Request Tracker	From 5.0.0 to 5.0.5

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (7)

https://docs.bestpractical.com/release-notes/rt/4.4.7

Source: cve@mitre.org

Release NotesVendor Advisory

https://docs.bestpractical.com/release-notes/rt/5.0.5

Source: cve@mitre.org

Release NotesVendor Advisory

https://docs.bestpractical.com/release-notes/rt/index.html

Source: cve@mitre.org

Release NotesVendor Advisory

https://docs.bestpractical.com/release-notes/rt/4.4.7

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

https://docs.bestpractical.com/release-notes/rt/5.0.5

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

https://docs.bestpractical.com/release-notes/rt/index.html

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

https://lists.debian.org/debian-lts-announce/2023/10/msg00046.html

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.