Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Disclosure via fake or spoofed RT email headers in an email message or a mail-gateway REST API call.
2023-11-03T05:15:29.490
2024-11-21T08:20:55.950
Modified
CVSSv3.1: 7.5 (HIGH)
Type | Vendor | Product | Version/Range | Vulnerable? |
---|---|---|---|---|
Application | bestpractical | request_tracker | < 4.4.7 | Yes |
Application | bestpractical | request_tracker | < 5.0.5 | Yes |