Home

CVE-2021-38562

Description

Best Practical Request Tracker (RT) 4.2 before 4.2.17, 4.4 before 4.4.5, and 5.0 before 5.0.2 allows sensitive information disclosure via a timing attack against lib/RT/REST2/Middleware/Auth.pm.

Risk Information

Base Score
7.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
0.085

Associated Vulnerability

VulnerabilityOS Platform
An enterprise-grade issue tracking system (USN-6529-1) rt4-fcgi_4.4.4+dfsg-2ubuntu1.22.04.1_all.debLinux
An enterprise-grade issue tracking system (USN-6529-1) rt4-fcgi_4.4.4+dfsg-2ubuntu1.23.04.1_all.debLinux
An enterprise-grade issue tracking system (USN-6529-1) rt4-fcgi_4.4.4+dfsg-2ubuntu1.23.10.1_all.debLinux
An enterprise-grade issue tracking system (USN-6529-1) rt4-fcgi_4.4.3-2+deb10u3build0.20.04.1_all.debLinux
An enterprise-grade issue tracking system (USN-6529-1) rt4-apache2_4.4.4+dfsg-2ubuntu1.22.04.1_all.debLinux
An enterprise-grade issue tracking system (USN-6529-1) rt4-apache2_4.4.4+dfsg-2ubuntu1.23.04.1_all.debLinux
An enterprise-grade issue tracking system (USN-6529-1) rt4-apache2_4.4.4+dfsg-2ubuntu1.23.10.1_all.debLinux
An enterprise-grade issue tracking system (USN-6529-1) rt4-apache2_4.4.3-2+deb10u3build0.20.04.1_all.debLinux
An enterprise-grade issue tracking system (USN-6529-1) rt4-clients_4.4.4+dfsg-2ubuntu1.22.04.1_all.debLinux
An enterprise-grade issue tracking system (USN-6529-1) rt4-clients_4.4.4+dfsg-2ubuntu1.23.04.1_all.debLinux
An enterprise-grade issue tracking system (USN-6529-1) rt4-clients_4.4.4+dfsg-2ubuntu1.23.10.1_all.debLinux
An enterprise-grade issue tracking system (USN-6529-1) rt4-clients_4.4.3-2+deb10u3build0.20.04.1_all.debLinux
An enterprise-grade issue tracking system (USN-6529-1) rt4-db-mysql_4.4.4+dfsg-2ubuntu1.22.04.1_all.debLinux
An enterprise-grade issue tracking system (USN-6529-1) rt4-db-mysql_4.4.4+dfsg-2ubuntu1.23.04.1_all.debLinux
An enterprise-grade issue tracking system (USN-6529-1) rt4-db-mysql_4.4.4+dfsg-2ubuntu1.23.10.1_all.debLinux
An enterprise-grade issue tracking system (USN-6529-1) rt4-db-mysql_4.4.3-2+deb10u3build0.20.04.1_all.debLinux
An enterprise-grade issue tracking system (USN-6529-1) rt4-db-sqlite_4.4.4+dfsg-2ubuntu1.22.04.1_all.debLinux
An enterprise-grade issue tracking system (USN-6529-1) rt4-db-sqlite_4.4.4+dfsg-2ubuntu1.23.04.1_all.debLinux
An enterprise-grade issue tracking system (USN-6529-1) rt4-db-sqlite_4.4.4+dfsg-2ubuntu1.23.10.1_all.debLinux
An enterprise-grade issue tracking system (USN-6529-1) rt4-db-sqlite_4.4.3-2+deb10u3build0.20.04.1_all.debLinux
An enterprise-grade issue tracking system (USN-6529-1) rt4-standalone_4.4.4+dfsg-2ubuntu1.22.04.1_all.debLinux
An enterprise-grade issue tracking system (USN-6529-1) rt4-standalone_4.4.4+dfsg-2ubuntu1.23.04.1_all.debLinux
An enterprise-grade issue tracking system (USN-6529-1) rt4-standalone_4.4.4+dfsg-2ubuntu1.23.10.1_all.debLinux
An enterprise-grade issue tracking system (USN-6529-1) rt4-standalone_4.4.3-2+deb10u3build0.20.04.1_all.debLinux
An enterprise-grade issue tracking system (USN-6529-1) request-tracker4_4.4.4+dfsg-2ubuntu1.22.04.1_all.debLinux
An enterprise-grade issue tracking system (USN-6529-1) request-tracker4_4.4.4+dfsg-2ubuntu1.23.04.1_all.debLinux
An enterprise-grade issue tracking system (USN-6529-1) request-tracker4_4.4.4+dfsg-2ubuntu1.23.10.1_all.debLinux
An enterprise-grade issue tracking system (USN-6529-1) request-tracker4_4.4.3-2+deb10u3build0.20.04.1_all.debLinux
An enterprise-grade issue tracking system (USN-6529-1) rt4-db-postgresql_4.4.4+dfsg-2ubuntu1.22.04.1_all.debLinux
An enterprise-grade issue tracking system (USN-6529-1) rt4-db-postgresql_4.4.4+dfsg-2ubuntu1.23.04.1_all.debLinux
An enterprise-grade issue tracking system (USN-6529-1) rt4-db-postgresql_4.4.4+dfsg-2ubuntu1.23.10.1_all.debLinux
An enterprise-grade issue tracking system (USN-6529-1) rt4-db-postgresql_4.4.3-2+deb10u3build0.20.04.1_all.debLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234