Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-41259


Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Disclosure via fake or spoofed RT email headers in an email message or a mail-gateway REST API call.


Published

2023-11-03T05:15:29.490

Last Modified

2024-11-21T08:20:55.950

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses
  • Type: Primary
    NVD-CWE-noinfo
  • Type: Secondary
    CWE-200

Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application bestpractical request_tracker < 4.4.7 Yes
Application bestpractical request_tracker < 5.0.5 Yes

References