Releases835
Frequency1 week 5 days
Last Release
Stars1.13K
Request Tracker, an enterprise-grade issue tracking system

CVE History

CVEAffectedPublishedCVSS v3CVSS v2
8.1 HIGH

RT is an open source, enterprise-grade issue and ticket tracking system. Versions 5.0.9 and prior in addition to 6.0.0 through 6.0.2 contain an authentication bypass vulnerability in RT installations that use LDAP/AD for user authentication. Under certain LDAP server configurations, an attacker may be able to authenticate as any LDAP-backed RT user without supplying valid credentials. This issue has been fixed in versions 5.0.10 and 6.0.3. If developers are unable to upgrade immediately, they can temporarily work around this issue by reviewing their LDAP server's authentication policy to ensure it rejects unauthenticated bind attempts. Upgrading RT remains the recommended fix.

8.8 HIGH

RT is an open source, enterprise-grade issue and ticket tracking system. Versions 5.0.0 through 5.0.9 and 6.0.0 through 6.0.2 contain an SQL injection vulnerability. An authenticated user can craft input that is incorporated into database queries without proper validation, potentially allowing them to read or modify data in the RT database. This issue has been fixed in versions 5.0.10 and 6.0.3. If developers are unable to upgrade immediately, they can temporarily work around this issue by restricting RT account access to trusted users.

7.1 HIGH

RT is an open source, enterprise-grade issue and ticket tracking system. Versions 6.0.0 through 6.0.2 contain a Cross-Site Request Forgery (CSRF) vulnerability. An attacker who can induce a logged-in RT user to visit a malicious web page can trigger arbitrary state-changing actions in RT on that user's behalf. This issue has been fixed in version 6.0.3.

4.6 MEDIUM

RT is an open source, enterprise-grade issue and ticket tracking system. Versions prior to 5.0.10 and 6.0.0 through 6.0.2 contain a spreadsheet (CSV/formula) injection vulnerability. User-controlled data in spreadsheet exports is not sanitized before being written to the output file, which can cause spreadsheet applications to interpret crafted values as formulas or macros when the file is opened. This issue has been fixed in versions 5.0.10 and 6.0.3. If developers are unable to upgrade immediately, they can temporarily work around this issue by avoiding opening exported RT spreadsheet files directly in spreadsheet applications when the data may contain untrusted user input.

7.5 HIGH5 MEDIUM

Best Practical Request Tracker (RT) 4.2 before 4.2.17, 4.4 before 4.4.5, and 5.0 before 5.0.2 allows sensitive information disclosure via a timing attack against lib/RT/REST2/Middleware/Auth.pm.

4.3 MEDIUM

Cross-site scripting (XSS) vulnerability in the cryptography interface in Request Tracker (RT) before 4.2.12 allows remote attackers to inject arbitrary web script or HTML via a crafted public key.

= 4.2.1, = 4.2.2, = 4.2.05 MEDIUM

Algorithmic complexity vulnerability in Email::Address::List before 0.02, as used in RT 4.2.0 through 4.2.2, allows remote attackers to cause a denial of service (CPU consumption) via a string without an address.

= 4.0.12, = 4.0.0, = 4.0.9, = 4.0.11, = 4.0.3, = 4.0.8, = 4.0.1, = 4.0.4, = 4.0.10, = 4.0.2, = 4.0.6, = 4.0.7, = 4.0.5, = 3.8.7, = 3.8.9, = 3.8.11, = 3.8.8, = 3.8.13, = 3.8.10, = 3.8.1, = 3.8.2, = 3.8.14, = 3.8.15, = 3.8.3, = 3.8.0, = 3.8.4, = 3.8.16, = 3.8.12, = 3.8.5, = 3.8.65 MEDIUM

CRLF injection vulnerability in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a MIME header.

= 4.0.12, = 4.0.0, = 4.0.9, = 4.0.11, = 4.0.3, = 4.0.8, = 4.0.1, = 4.0.6, = 4.0.7, = 4.0.10, = 4.0.2, = 4.0.4, = 4.0.52.6 LOW

Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 4.x before 4.0.13, when MakeClicky is configured, allows remote attackers to inject arbitrary web script or HTML via a URL in a ticket. NOTE: this issue has been SPLIT from CVE-2013-3371 due to different affected versions.

= 4.0.12, = 4.0.0, = 4.0.9, = 4.0.11, = 4.0.3, = 4.0.8, = 4.0.1, = 4.0.4, = 4.0.10, = 4.0.2, = 4.0.6, = 4.0.7, = 4.0.5, = 3.8.7, = 3.8.9, = 3.8.11, = 3.8.8, = 3.8.13, = 3.8.10, = 3.8.1, = 3.8.2, = 3.8.14, = 3.8.15, = 3.8.3, = 3.8.4, = 3.8.0, = 3.8.16, = 3.8.12, = 3.8.6, = 3.8.54.3 MEDIUM

Unspecified vulnerability in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13, when using the Apache::Session::File session store, allows remote attackers to obtain sensitive information (user preferences and caches) via unknown vectors, related to a "limited session re-use."

= 4.0.12, = 4.0.0, = 4.0.9, = 4.0.11, = 4.0.3, = 4.0.8, = 4.0.1, = 4.0.10, = 4.0.2, = 4.0.4, = 4.0.6, = 4.0.7, = 4.0.5, = 3.8.7, = 3.8.9, = 3.8.11, = 3.8.8, = 3.8.13, = 3.8.10, = 3.8.1, = 3.8.2, = 3.8.0, = 3.8.14, = 3.8.4, = 3.8.3, = 3.8.15, = 3.8.16, = 3.8.12, = 3.8.6, = 3.8.54.3 MEDIUM

Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows remote attackers to inject multiple Content-Disposition HTTP headers and possibly conduct cross-site scripting (XSS) attacks via unspecified vectors.

= 3.8.7, = 3.8.9, = 3.8.11, = 3.8.8, = 3.8.13, = 3.8.10, = 3.8.1, = 3.8.2, = 3.8.0, = 3.8.15, = 3.8.3, = 3.8.14, = 3.8.4, = 3.8.5, = 3.8.6, = 3.8.16, = 3.8.12, = 4.0.12, = 4.0.0, = 4.0.9, = 4.0.11, = 4.0.3, = 4.0.8, = 4.0.1, = 4.0.10, = 4.0.2, = 4.0.7, = 4.0.4, = 4.0.6, = 4.0.54.3 MEDIUM

Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 3.8.3 through 3.8.16 and 4.0.x before 4.0.13 allows remote attackers to inject arbitrary web script or HTML via the filename of an attachment.

= 4.0.12, = 4.0.0, = 4.0.9, = 4.0.11, = 4.0.3, = 4.0.8, = 4.0.1, = 4.0.2, = 4.0.6, = 4.0.10, = 4.0.4, = 4.0.7, = 4.0.5, = 3.8.7, = 3.8.9, = 3.8.11, = 3.8.8, = 3.8.13, = 3.8.10, = 3.8.1, = 3.8.2, = 3.8.0, = 3.8.4, = 3.8.15, = 3.8.14, = 3.8.3, = 3.8.16, = 3.8.12, = 3.8.5, = 3.8.66.8 MEDIUM

Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 does not properly restrict access to private callback components, which allows remote attackers to have an unspecified impact via a direct request.

= 3.8.7, = 3.8.9, = 3.8.11, = 3.8.8, = 3.8.13, = 3.8.10, = 3.8.1, = 3.8.2, = 3.8.0, = 3.8.14, = 3.8.3, = 3.8.4, = 3.8.15, = 3.8.16, = 3.8.12, = 3.8.6, = 3.8.5, = 4.0.12, = 4.0.0, = 4.0.9, = 4.0.11, = 4.0.3, = 4.0.8, = 4.0.1, = 4.0.6, = 4.0.2, = 4.0.10, = 4.0.4, = 4.0.7, = 4.0.56 MEDIUM

Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows remote authenticated users with the permissions to view the administration pages to execute arbitrary private components via unspecified vectors.

= 4.0.12, = 4.0.0, = 4.0.9, = 4.0.11, = 4.0.3, = 4.0.8, = 4.0.1, = 4.0.2, = 4.0.6, = 4.0.7, = 4.0.10, = 4.0.4, = 4.0.5, = 3.8.7, = 3.8.9, = 3.8.11, = 3.8.8, = 3.8.13, = 3.8.10, = 3.8.1, = 3.8.2, = 3.8.4, = 3.8.3, = 3.8.0, = 3.8.14, = 3.8.15, = 3.8.16, = 3.8.12, = 3.8.6, = 3.8.53.3 LOW

bin/rt in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows local users to overwrite arbitrary files via a symlink attack on a temporary file with predictable name.

= 4.0.12, = 4.0.0, = 4.0.11, = 4.0.3, = 4.0.1, = 4.0.10, = 4.0.26 MEDIUM

Request Tracker (RT) 4.x before 4.0.13 does not properly enforce the DeleteTicket and "custom lifecycle transition" permission, which allows remote authenticated users with the ModifyTicket permission to delete tickets via unspecified vectors.

= 3.8.7, = 3.8.9, = 4.0.0, = 3.8.11, = 3.8.8, = 3.8.13, = 3.8.10, = 3.8.1, = 3.8.0, = 3.8.3, = 3.8.2, = 4.0.3, = 4.0.1, = 3.8.5, = 3.8.12, = 3.8.6, = 4.0.8, = 4.0.7, = 3.8.4, = 4.0.4, = 4.0.2, = 3.8.14, = 4.0.6, = 4.0.53.5 LOW

Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote authenticated users with ModifySelf or AdminUser privileges to inject arbitrary email headers and conduct phishing attacks or obtain sensitive information via unknown vectors.

= 3.8.7, = 3.8.9, = 3.8.11, = 3.8.8, = 3.8.13, = 3.8.10, = 3.8.1, = 3.8.2, = 3.8.0, = 3.8.4, = 3.8.5, = 3.8.3, = 3.8.14, = 3.8.6, = 3.8.12, = 4.0.0, = 4.0.3, = 4.0.1, = 4.0.6, = 4.0.2, = 4.0.4, = 4.0.8, = 4.0.7, = 4.0.55 MEDIUM

Argument injection vulnerability in Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote attackers to create arbitrary files via unspecified vectors related to the GnuPG client.

= 3.8.7, = 3.8.9, = 4.0.0, = 3.8.11, = 3.8.8, = 3.8.13, = 3.8.10, = 3.8.1, = 3.8.0, = 3.8.2, = 4.0.1, = 3.8.3, = 4.0.3, = 3.8.4, = 3.8.6, = 4.0.4, = 4.0.7, = 3.8.14, = 4.0.6, = 4.0.2, = 3.8.5, = 3.8.12, = 4.0.8, = 4.0.55 MEDIUM

Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote attackers to conduct a "confused deputy" attack to bypass the CSRF warning protection mechanism and cause victims to "modify arbitrary state" via unknown vectors related to a crafted link.

= 3.8.13, = 3.8.14, = 3.8.12, = 4.0.6, = 4.0.8, = 4.0.76.8 MEDIUM

Cross-site request forgery (CSRF) vulnerability in Request Tracker (RT) 3.8.12 and other versions before 3.8.15, and 4.0.6 and other versions before 4.0.8, allows remote attackers to hijack the authentication of users for requests that toggle ticket bookmarks.

<= 4.0.5, = 3.8.0, = 3.8.1, = 3.8.2, = 3.8.3, = 3.8.4, = 3.8.5, = 3.8.6, = 3.8.7, = 3.8.8, = 3.8.9, = 3.8.10, = 3.8.11, = 3.8.12, = 4.0.0, = 4.0.1, = 4.0.2, = 4.0.3, = 4.0.44.3 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in the topic administration page in the Extension::MobileUI extension before 1.02 for Best Practical Solutions RT 3.8.x and in Best Practical Solutions RT before 4.0.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

all versions5 MEDIUM

The Authen::ExternalAuth extension before 0.11 for Best Practical Solutions RT allows remote attackers to obtain a logged-in session via unspecified vectors related to the "URL of a RSS feed of the user."

= 3.8.7, = 3.5.5, = 3.0.4, = 3.2.1, = 3.6.0, = 3.8.9, = 3.4.0, = 3.0.8, = 3.8.11, = 3.5.4, = 3.2.0, = 3.6.6, = 3.6.4, = 3.6.2, = 3.4.5, = 3.4.2, = 3.1.2, = 3.0.10, = 3.2.2, = 3.6.7, = 3.6.3, = 3.0.2, = 3.8.8, = 3.1.6, = 3.1.16, = 3.1.13, = 3.0.11, = 3.8.0, = 3.1.10, = 3.2.3, = 3.6.5, = 3.8.2, = 3.8.10, = 3.1.7, = 3.8.1, = 3.6.10, = 3.4.7, = 3.4.4, = 3.1.11, = 3.8.3, = 3.5.3, = 3.4.6, = 3.1.3, = 3.0.7, = 3.4.1, = 3.0.7.1, = 3.7.80, = 3.8.5, = 3.6.9, = 3.1.15, = 3.0.5, = 3.0.6, = 3.0.1, = 3.0.9, = 3.7.86, = 3.7.1, = 3.8.6, = 3.5.7, = 3.6.1, = 3.4.3, = 3.1.17, = 3.1.12, = 3.0.3, = 3.6.8, = 3.8.4, = 3.5.6, = 3.1.5, = 3.1.8, = 3.0.12, = 3.0.0, = 3.1.4, = 3.7.5, = 3.7.85, = 3.5.2, = 3.5.1, = 3.1.14, = 4.0.0, = 4.0.3, = 4.0.1, = 4.0.4, = 3.8.12, = 4.0.2, = 4.0.55 MEDIUM

The vulnerable-passwords script in Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 does not update the password-hash algorithm for disabled user accounts, which makes it easier for context-dependent attackers to determine cleartext passwords, and possibly use these passwords after accounts are re-enabled, via a brute-force attack on the database. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-0009.

= 4.0.0, = 4.0.3, = 4.0.1, = 4.0.4, = 3.8.12, = 4.0.2, = 4.0.56.5 MEDIUM

Best Practical Solutions RT 4.x before 4.0.6 does not properly implement the DisallowExecuteCode option, which allows remote authenticated users to bypass intended access restrictions and execute arbitrary code by leveraging access to a privileged account, a different vulnerability than CVE-2011-4458 and CVE-2011-5092.

= 3.8.7, = 3.5.5, = 3.0.4, = 3.2.1, = 3.6.0, = 3.8.9, = 3.4.0, = 3.0.8, = 3.8.11, = 3.2.0, = 3.4.2, = 3.6.6, = 3.6.3, = 3.6.2, = 3.0.2, = 3.4.5, = 3.8.8, = 3.0.10, = 3.1.2, = 3.2.2, = 3.6.7, = 3.5.4, = 3.6.4, = 3.4.4, = 3.1.6, = 3.1.16, = 3.0.11, = 3.2.3, = 3.6.5, = 3.8.0, = 3.8.10, = 3.1.7, = 3.4.7, = 3.1.11, = 3.8.2, = 3.8.3, = 3.8.1, = 3.6.10, = 3.1.10, = 3.1.13, = 3.5.3, = 3.4.6, = 3.0.6, = 3.4.1, = 3.0.7.1, = 3.6.9, = 3.7.1, = 3.5.6, = 3.6.1, = 3.4.3, = 3.1.5, = 3.1.8, = 3.1.17, = 3.0.3, = 3.0.0, = 3.6.8, = 3.7.86, = 3.8.6, = 3.5.7, = 3.1.12, = 3.0.5, = 3.8.4, = 3.1.3, = 3.1.15, = 3.0.7, = 3.0.12, = 3.0.1, = 3.0.9, = 3.7.80, = 3.8.5, = 3.5.2, = 3.1.4, = 3.1.14, = 3.7.5, = 3.7.85, = 3.5.1, = 4.0.0, = 4.0.3, = 4.0.1, = 4.0.4, = 3.8.12, = 4.0.2, = 4.0.57.5 HIGH

Best Practical Solutions RT 3.8.x before 3.8.12 and 4.x before 4.0.6 allows remote attackers to execute arbitrary code and gain privileges via unspecified vectors, a different vulnerability than CVE-2011-4458 and CVE-2011-5093.

= 3.8.7, = 3.5.5, = 3.0.4, = 3.2.1, = 2.0.7, = 3.6.0, = 3.8.9, = 4.0.0, = 3.4.0, = 3.2.0, = 3.4.2, = 3.6.4, = 3.8.11, = 2.0.6, = 3.5.4, = 3.1.2, = 3.4.5, = 3.6.7, = 3.8.8, = 3.0.8, = 3.6.6, = 2.0.14, = 3.0.10, = 3.0.2, = 2.0.5.3, = 3.6.5, = 3.4.4, = 3.1.6, = 3.1.13, = 3.6.2, = 3.1.10, = 3.8.1, = 3.0.11, = 3.6.3, = 3.8.0, = 3.8.3, = 3.8.10, = 4.0.1, = 4.0.3, = 2.0.15, = 2.0.8.2, = 3.4.7, = 3.1.7, = 3.1.11, = 3.2.2, = 3.8.2, = 2.0.5.1, = 2.0.1, = 2.0.2, = 3.5.3, = 3.4.6, = 3.1.16, = 3.0.6, = 3.8.5, = 3.8.6, = 4.0.4, = 2.0.8, = 3.5.6, = 3.6.10, = 3.1.5, = 2.0.13, = 2.0.11, = 2.0.0, = 3.2.3, = 3.4.3, = 3.0.5, = 3.0.1, = 3.6.8, = 3.6.9, = 2.0.5, = 3.6.1, = 3.1.8, = 3.1.12, = 3.0.3, = 3.0.0, = 3.8.4, = 3.1.4, = 3.1.3, = 3.1.15, = 3.0.7, = 3.0.9, = 3.0.7.1, = 3.7.5, = 3.7.80, = 3.7.1, = 4.0.5, = 2.0.3, = 2.0.4, = 3.5.2, = 3.5.1, = 3.1.14, = 2.0.12, = 3.1.17, = 3.7.86, = 3.0.12, = 3.4.1, = 4.0.2, = 2.0.9, = 3.5.7, = 3.7.856.5 MEDIUM

SQL injection vulnerability in Best Practical Solutions RT 2.x and 3.x before 3.8.12 and 4.x before 4.0.6 allows remote authenticated users to execute arbitrary SQL commands by leveraging access to a privileged account.

= 3.8.7, = 3.5.5, = 3.0.4, = 3.2.1, = 3.6.0, = 3.8.9, = 3.4.0, = 3.0.8, = 3.8.11, = 3.6.2, = 3.1.2, = 3.4.5, = 3.2.2, = 3.2.0, = 3.4.2, = 3.6.3, = 3.0.10, = 3.0.2, = 3.8.8, = 3.6.7, = 3.5.4, = 3.6.6, = 3.6.4, = 3.1.7, = 3.1.10, = 3.2.3, = 3.6.5, = 3.8.2, = 3.8.10, = 3.4.7, = 3.4.4, = 3.1.11, = 3.8.0, = 3.8.3, = 3.8.1, = 3.6.10, = 3.1.6, = 3.1.16, = 3.1.13, = 3.0.11, = 3.6.1, = 3.4.6, = 3.4.3, = 3.1.17, = 3.1.12, = 3.6.8, = 3.7.86, = 3.5.3, = 3.1.15, = 3.0.5, = 3.0.6, = 3.0.7, = 3.0.1, = 3.0.9, = 3.7.80, = 3.8.5, = 3.7.1, = 3.5.7, = 3.5.6, = 3.1.5, = 3.1.8, = 3.0.3, = 3.0.0, = 3.8.4, = 3.8.6, = 3.1.3, = 3.0.12, = 3.4.1, = 3.0.7.1, = 3.6.9, = 3.7.85, = 3.1.4, = 3.7.5, = 3.5.1, = 3.1.14, = 3.5.2, = 4.0.0, = 4.0.3, = 4.0.1, = 4.0.4, = 4.0.5, = 4.0.2, = 3.8.123.5 LOW

Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 does not properly disable groups, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by leveraging a group membership.

= 3.8.7, = 3.6.0, = 3.8.9, = 4.0.0, = 3.8.11, = 3.6.4, = 3.8.8, = 3.6.6, = 3.6.3, = 3.6.2, = 3.8.1, = 3.8.0, = 4.0.1, = 3.6.5, = 3.8.2, = 4.0.3, = 3.6.7, = 3.8.3, = 3.8.10, = 3.6.1, = 3.6.8, = 3.7.86, = 3.8.4, = 3.8.6, = 3.6.9, = 3.6.10, = 3.8.5, = 4.0.4, = 3.7.5, = 3.7.80, = 3.7.1, = 4.0.2, = 3.7.85, = 4.0.56.8 MEDIUM

Best Practical Solutions RT 3.6.x, 3.7.x, and 3.8.x before 3.8.12 and 4.x before 4.0.6, when the VERPPrefix and VERPDomain options are enabled, allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-5092 and CVE-2011-5093.

= 3.8.7, = 3.5.5, = 3.0.4, = 3.2.1, = 2.0.7, = 3.6.0, = 3.8.9, = 3.4.0, = 3.0.8, = 3.5.4, = 3.2.0, = 3.6.6, = 3.0.10, = 3.0.2, = 3.8.8, = 2.0.6, = 3.6.7, = 3.6.4, = 2.0.14, = 3.6.2, = 3.4.5, = 3.4.2, = 3.1.2, = 3.6.3, = 3.1.6, = 3.1.13, = 3.0.11, = 3.4.7, = 3.4.4, = 3.1.11, = 3.6.5, = 3.8.0, = 3.8.3, = 2.0.13, = 2.0.5.3, = 3.1.7, = 3.2.2, = 3.8.2, = 3.8.1, = 1.0.5, = 2.0.15, = 1.0.1, = 3.1.10, = 3.8.10, = 2.0.8.2, = 1.0.7, = 3.6.1, = 3.5.6, = 3.6.10, = 3.5.3, = 3.4.6, = 3.1.16, = 3.0.7, = 3.4.3, = 3.1.5, = 3.1.8, = 3.0.0, = 2.0.0, = 1.0.0, = 3.1.17, = 3.1.12, = 3.0.3, = 3.6.8, = 3.8.4, = 3.8.6, = 2.0.1, = 2.0.8, = 1.0.2, = 3.8.5, = 3.6.9, = 2.0.11, = 2.0.5.1, = 2.0.5, <= 3.8.11, = 3.2.3, = 3.0.5, = 3.0.6, = 3.0.1, = 3.7.86, = 2.0.2, = 1.0.4, = 3.5.2, = 3.1.3, = 3.4.1, = 3.0.7.1, = 3.7.80, = 3.5.7, = 3.5.1, = 3.1.14, = 3.0.12, = 1.0.3, = 3.7.85, = 2.0.12, = 2.0.4, = 3.1.4, = 3.1.15, = 3.0.9, = 3.7.5, = 3.7.1, = 2.0.3, = 2.0.9, = 1.0.6, = 4.0.0, = 4.0.3, = 4.0.1, = 4.0.4, = 3.8.12, = 4.0.2, = 4.0.56.8 MEDIUM

Multiple cross-site request forgery (CSRF) vulnerabilities in Best Practical Solutions RT before 3.8.12 and 4.x before 4.0.6 allow remote attackers to hijack the authentication of arbitrary users.

= 3.8.7, = 3.5.5, = 3.0.4, = 3.2.1, = 3.6.0, = 3.8.9, = 3.4.0, = 3.0.8, = 3.8.11, = 3.6.2, = 3.5.4, = 3.4.2, = 3.1.2, = 3.4.5, = 3.2.2, = 3.6.7, = 3.6.3, = 3.0.10, = 3.0.2, = 3.8.8, = 3.6.6, = 3.6.4, = 3.2.0, = 3.6.10, = 3.1.6, = 3.1.16, = 3.1.13, = 3.0.11, = 3.1.7, = 3.8.1, = 3.8.2, = 3.4.7, = 3.4.4, = 3.1.11, = 3.8.3, = 3.6.5, = 3.8.0, = 3.1.10, = 3.2.3, = 3.8.10, = 3.6.1, = 3.5.7, = 3.5.6, = 3.4.6, = 3.1.3, = 3.4.3, = 3.1.17, = 3.0.5, = 3.6.8, = 3.7.86, = 3.8.6, = 3.1.5, = 3.1.8, = 3.1.12, = 3.0.3, = 3.0.0, = 3.8.4, = 3.0.12, = 3.4.1, = 3.6.9, = 3.5.3, = 3.1.15, = 3.0.6, = 3.0.7, = 3.0.1, = 3.0.9, = 3.0.7.1, = 3.7.80, = 3.8.5, = 3.7.1, = 3.5.2, = 3.1.14, = 3.5.1, = 3.7.85, = 3.1.4, = 3.7.5, = 4.0.0, = 4.0.3, = 4.0.1, = 4.0.4, = 4.0.2, = 3.8.12, = 4.0.54 MEDIUM

Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 allows remote authenticated users to read (1) hashes of former passwords and (2) ticket correspondence history by leveraging access to a privileged account.

= 3.8.7, = 3.5.5, = 3.0.4, = 3.2.1, = 3.6.0, = 3.8.9, = 3.4.0, = 3.0.8, = 3.8.11, = 3.6.2, = 3.4.2, = 3.1.2, = 3.4.5, = 3.5.4, = 3.2.0, = 3.0.10, = 3.2.2, = 3.6.7, = 3.6.6, = 3.6.4, = 3.6.3, = 3.0.2, = 3.8.8, = 3.1.10, = 3.2.3, = 3.8.1, = 3.8.2, = 3.8.10, = 3.4.7, = 3.1.7, = 3.1.11, = 3.1.16, = 3.0.11, = 3.6.5, = 3.8.0, = 3.6.10, = 3.4.4, = 3.1.6, = 3.1.13, = 3.8.3, = 3.4.6, = 3.4.3, = 3.1.17, = 3.0.5, = 3.0.6, = 3.0.1, = 3.7.86, = 3.8.6, = 3.5.3, = 3.6.1, = 3.5.7, = 3.1.8, = 3.1.12, = 3.0.3, = 3.0.0, = 3.6.8, = 3.1.3, = 3.1.15, = 3.0.7, = 3.0.9, = 3.0.7.1, = 3.7.80, = 3.8.5, = 3.6.9, = 3.7.1, = 3.8.4, = 3.5.6, = 3.1.5, = 3.0.12, = 3.4.1, = 3.7.5, = 3.7.85, = 3.1.4, = 3.5.2, = 3.5.1, = 3.1.14, = 4.0.0, = 4.0.3, = 4.0.1, = 4.0.4, = 4.0.5, = 4.0.2, = 3.8.124.3 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

= 3.0.4, = 2.0.7, = 3.0.8, = 2.0.6, = 3.4.5, = 3.0.2, = 2.0.14, = 3.6.7, = 3.6.2, = 2.0.2, = 3.6.3, = 2.0.5.3, = 2.0.0, = 2.0.1, = 3.0.11, = 3.4.0, = 3.2.0, = 2.0.15, = 2.0.8.2, = 3.0.5, = 3.2.2, = 3.2.3, = 2.0.13, = 2.0.11, = 3.6.0, = 3.0.10, = 3.6.10, = 2.0.3, = 3.0.3, = 3.4.2, = 3.4.3, = 3.6.5, = 2.0.5.1, = 3.4.6, = 3.6.4, = 3.0.12, = 3.4.1, = 2.0.8, = 2.0.4, = 2.0.5, = 3.0.0, = 3.4.4, = 3.2.1, = 3.6.8, = 3.6.9, = 2.0.12, = 2.0.9, = 3.6.1, = 3.0.6, = 3.0.7, = 3.0.1, = 3.0.9, = 3.0.7.1, = 3.6.6, = 3.8.7, = 3.8.9, = 3.8.8, = 3.8.2, = 3.8.0, = 3.8.3, = 3.8.4, = 3.8.5, = 3.8.1, = 3.8.6, = 4.0.04.3 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in Best Practical Solutions RT 2.0.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

= 3.6.7, = 3.6.2, = 3.6.3, = 3.6.0, = 3.6.10, = 3.6.9, = 3.6.6, = 3.6.5, = 3.6.8, = 3.6.1, = 3.6.4, = 3.8.7, = 3.8.8, = 3.8.2, = 3.8.0, = 3.8.5, = 3.8.6, = 3.8.1, = 3.8.4, = 3.8.34.3 MEDIUM

Best Practical Solutions RT 3.6.0 through 3.6.10 and 3.8.0 through 3.8.8 allows remote attackers to trick users into sending credentials to an arbitrary server via unspecified vectors.

= 3.4.5, = 3.6.7, = 3.6.2, = 3.2.2, = 3.6.3, = 3.6.0, = 3.4.0, = 3.6.10, = 3.2.3, = 3.2.0, = 3.4.3, = 3.4.4, = 3.4.1, = 3.4.2, = 3.6.4, = 3.6.5, = 3.2.1, = 3.4.6, = 3.6.6, = 3.6.1, = 3.6.8, = 3.6.9, = 3.8.7, = 3.8.9, = 3.8.8, = 3.8.2, = 3.8.0, = 3.8.5, = 3.8.4, = 3.8.3, = 3.8.1, = 3.8.6, = 4.0.04.3 MEDIUM

Directory traversal vulnerability in Best Practical Solutions RT 3.2.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7 allows remote attackers to read arbitrary files via a crafted HTTP request.

= 3.0.4, = 3.0.8, = 3.4.5, = 3.0.2, = 3.6.7, = 3.6.2, = 3.2.2, = 3.6.3, = 3.0.11, = 3.0.3, = 3.4.4, = 3.4.3, = 3.6.5, = 3.6.6, = 3.6.0, = 3.0.10, = 3.4.0, = 3.6.9, = 3.0.0, = 3.0.5, = 3.0.1, = 3.2.1, = 3.2.3, = 3.6.8, = 3.4.6, = 3.6.10, = 3.2.0, = 3.6.1, = 3.0.7, = 3.0.9, = 3.0.7.1, = 3.0.6, = 3.0.12, = 3.4.1, = 3.4.2, = 3.6.4, = 3.8.7, = 3.8.9, = 3.8.8, = 3.8.2, = 3.8.0, = 3.8.1, = 3.8.5, = 3.8.6, = 3.8.4, = 3.8.3, = 4.0.04 MEDIUM

Best Practical Solutions RT 3.0.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7 allows remote authenticated users to obtain sensitive information by using the search interface, as demonstrated by retrieving encrypted passwords.

= 3.0.4, = 2.0.7, = 3.0.8, = 2.0.6, = 3.4.5, = 3.0.2, = 2.0.14, = 3.6.7, = 3.6.2, = 2.0.13, = 2.0.8.2, = 3.6.0, = 3.0.5, = 2.0.11, = 2.0.0, = 2.0.1, = 3.0.11, = 3.4.0, = 3.2.0, = 3.6.10, = 2.0.5.3, = 2.0.2, = 3.6.3, = 3.0.10, = 3.2.3, = 2.0.15, = 3.2.2, = 2.0.9, = 3.0.0, = 3.0.6, = 2.0.12, = 2.0.5.1, = 3.6.1, = 3.4.6, = 3.0.7, = 3.4.1, = 3.0.7.1, = 2.0.3, = 3.6.4, = 3.0.12, = 3.4.2, = 3.4.3, = 3.6.5, = 3.0.1, = 3.0.9, = 3.6.9, = 3.6.6, = 2.0.8, = 2.0.4, = 2.0.5, = 3.0.3, = 3.4.4, = 3.2.1, = 3.6.8, = 3.8.7, = 3.8.9, = 3.8.8, = 3.8.2, = 3.8.0, = 3.8.5, = 3.8.6, = 3.8.4, = 3.8.3, = 3.8.1, = 4.0.06.5 MEDIUM

Multiple SQL injection vulnerabilities in Best Practical Solutions RT 2.0.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors, as demonstrated by reading data.

= 3.8.7, = 3.8.9, = 3.8.8, = 3.8.2, = 3.8.0, = 3.8.3, = 3.8.4, = 3.8.6, = 3.8.1, = 3.8.5, = 4.0.04.6 MEDIUM

Best Practical Solutions RT 3.8.0 through 3.8.9 and 4.0.0rc through 4.0.0rc7, when the CustomFieldValuesSources (aka external custom field) option is enabled, allows remote authenticated users to execute arbitrary code via unspecified vectors, as demonstrated by a cross-site request forgery (CSRF) attack.

<= 3.8.9, = 3.0.4, = 2.0.7, = 3.8.9, = 3.0.8, = 3.8.8, = 2.0.6, = 3.4.5, = 3.6.0, = 3.6.3, = 3.6.2, = 1.0.5, = 3.0.2, = 2.0.14, = 2.0.5.3, = 1.0.7, = 3.8.0, = 3.4.0, = 2.0.8.2, = 3.8.2, = 3.6.7, = 3.0.11, = 3.2.2, = 2.0.15, = 1.0.1, = 3.6.8, = 3.6.1, = 3.0.5, = 3.0.1, = 3.0.9, = 3.0.7.1, = 2.0.11, = 2.0.5, = 1.0.4, = 3.6.6, = 3.8.5, = 3.6.9, = 3.0.3, = 3.4.4, = 3.4.3, = 3.2.1, = 3.2.3, = 2.0.13, = 2.0.5.1, = 3.8.3, = 3.0.6, = 3.0.7, = 3.0.10, = 3.8.6, = 3.2.0, = 2.0.8, = 2.0.2, = 1.0.2, = 3.4.6, = 3.6.5, = 3.0.12, = 3.0.0, = 2.0.1, = 2.0.0, = 1.0.0, = 2.0.9, = 2.0.4, = 3.6.4, = 2.0.12, = 1.0.6, = 3.8.4, = 3.8.1, = 3.8.7, = 2.0.3, = 1.0.3, = 3.4.1, = 3.4.24 MEDIUM

Scrips_Overlay.pm in Best Practical Solutions RT before 3.8.9 does not properly restrict access to a TicketObj in a Scrip after a CurrentUser change, which allows remote authenticated users to obtain sensitive information via unspecified vectors, as demonstrated by custom-field value information, related to SQL logging.

<= 3.8.9, = 3.0.4, = 2.0.7, = 3.8.9, = 3.0.8, = 3.8.8, = 2.0.6, = 3.4.5, = 3.6.7, = 3.0.2, = 3.6.0, = 3.6.2, = 3.8.0, = 3.8.2, = 3.0.11, = 3.4.0, = 1.0.1, = 3.2.2, = 2.0.15, = 2.0.14, = 2.0.5.3, = 1.0.7, = 2.0.8.2, = 3.6.3, = 1.0.5, = 3.6.5, = 3.8.5, = 3.0.12, = 3.6.1, = 3.0.5, = 3.0.6, = 3.0.1, = 3.0.10, = 3.0.7.1, = 3.2.0, = 3.8.3, = 3.4.6, = 3.0.7, = 3.8.6, = 3.0.0, = 2.0.8, = 2.0.2, = 2.0.1, = 1.0.2, = 3.4.3, = 3.2.1, = 2.0.0, = 1.0.0, = 1.0.4, = 3.6.8, = 3.6.6, = 3.6.9, = 3.0.3, = 3.4.4, = 3.2.3, = 3.0.9, = 2.0.13, = 2.0.11, = 2.0.5.1, = 2.0.5, = 3.6.4, = 3.4.2, = 3.8.4, = 3.8.7, = 2.0.9, = 3.8.1, = 3.4.1, = 2.0.4, = 2.0.3, = 1.0.3, = 2.0.12, = 1.0.62.1 LOW

Best Practical Solutions RT before 3.8.9 does not perform certain redirect actions upon a login, which allows physically proximate attackers to obtain credentials by resubmitting the login form via the back button of a web browser on an unattended workstation after an RT logout.

= 3.5.5, = 3.0.4, = 3.2.1, = 3.6.0, = 3.4.0, = 3.0.8, = 3.4.2, = 3.6.4, = 3.8.8, = 3.0.11, = 3.0.2, = 3.8.2, = 3.4.5, = 3.2.0, = 3.1.2, = 3.2.2, = 3.6.6, = 3.6.3, = 3.6.7, = 3.5.4, = 3.6.2, = 3.1.6, = 3.0.10, = 3.1.11, = 3.1.16, = 3.0.0, = 3.2.3, = 3.8.1, = 3.6.5, = 3.4.4, = 3.1.13, = 3.8.3, = 3.8.0, = 3.1.10, = 3.0.5, = 3.4.6, = 3.5.3, = 3.4.7, = 3.1.7, = 3.0.1, = 3.6.1, = 3.8.4, = 3.8.6, = 3.7.85, = 3.5.7, = 3.4.3, = 3.6.8, = 3.8.5, = 3.0.9, = 3.1.12, = 3.1.15, = 3.6.9, = 3.0.7, = 3.0.12, = 3.0.3, = 3.0.7.1, <= 3.8.9, = 3.7.86, = 3.5.6, = 3.1.3, = 3.1.17, = 3.0.6, = 3.4.1, = 3.7.1, = 3.7.5, = 3.7.80, = 3.1.8, = 3.1.5, = 3.1.4, = 3.1.14, = 3.8.7, = 3.5.2, = 3.5.1, = 4.0.04.3 MEDIUM

Best Practical Solutions RT 3.x before 3.8.9rc2 and 4.x before 4.0.0rc4 uses the MD5 algorithm for password hashes, which makes it easier for context-dependent attackers to determine cleartext passwords via a brute-force attack on the database.

= 3.0.4, = 3.0.8, = 3.4.5, = 3.0.2, = 3.6.7, = 3.6.2, = 3.2.2, = 3.6.3, = 3.0.11, = 3.0.1, = 3.4.0, = 3.6.0, = 3.0.10, = 3.8.0, = 3.2.0, = 3.4.3, = 3.4.4, = 3.6.5, = 3.8.2, = 3.8.5, = 3.0.3, = 3.0.5, = 3.2.1, = 3.2.3, = 3.4.6, = 3.6.6, = 3.6.9, = 3.0.6, = 3.0.7, = 3.6.1, = 3.8.4, = 3.8.3, = 3.0.7.1, = 3.4.1, = 3.4.2, = 3.8.1, = 3.0.12, = 3.0.9, = 3.6.4, = 3.6.85.8 MEDIUM

Session fixation vulnerability in html/Elements/SetupSessionCookie in Best Practical Solutions RT 3.0.0 through 3.6.9 and 3.8.x through 3.8.5 allows remote attackers to hijack web sessions by setting the session identifier via a manipulation that leverages "HTTP access to the RT server," a related issue to CVE-2009-3585.

= 3.0.4, = 3.0.8, = 3.4.5, = 3.0.2, = 3.6.7, = 3.6.2, = 3.2.2, = 3.6.3, = 3.0.11, = 3.6.6, = 3.8.5, = 3.0.1, = 3.0.10, = 3.8.0, = 3.4.3, = 3.0.3, = 3.2.0, = 3.2.1, = 3.6.5, = 3.8.2, = 3.4.4, = 3.0.5, = 3.2.3, = 3.4.6, = 3.6.0, = 3.6.9, = 3.4.0, = 3.8.4, = 3.0.7, = 3.0.7.1, = 3.6.1, = 3.8.1, = 3.4.2, = 3.6.4, = 3.8.3, = 3.0.6, = 3.6.8, = 3.4.1, = 3.0.12, = 3.0.95.8 MEDIUM

Session fixation vulnerability in html/Elements/SetupSessionCookie in Best Practical Solutions RT 3.0.0 through 3.6.9 and 3.8.x through 3.8.5 allows remote attackers to hijack web sessions by setting the session identifier via a manipulation that leverages a second web server within the same domain.

= 3.6.7, = 3.6.2, = 3.6.3, = 3.8.2, = 3.6.0, = 3.8.0, = 3.4.6, = 3.6.6, = 3.6.5, = 3.8.1, = 3.6.8, = 3.8.4, = 3.6.4, = 3.8.3, = 3.6.14.3 MEDIUM

Cross-site scripting (XSS) vulnerability in Best Practical Solutions RT 3.6.x before 3.6.9, 3.8.x before 3.8.5, and other 3.4.6 through 3.8.4 versions allows remote attackers to inject arbitrary web script or HTML via certain Custom Fields.

= 3.0.4, = 3.0.8, = 3.4.5, = 3.0.2, = 3.6.2, = 3.2.2, = 3.6.3, = 3.0.11, = 3.6.0, = 3.0.3, = 3.2.0, = 3.2.1, = 3.4.4, = 3.6.6, = 3.0.12, = 3.4.3, = 3.6.5, = 3.0.1, = 3.0.10, = 3.0.7, = 3.0.7.1, = 3.4.0, = 3.0.0, = 3.0.5, = 3.0.6, = 3.2.3, = 3.4.6, = 3.0.9, = 3.4.2, = 3.6.4, = 3.4.1, = 3.6.14 MEDIUM

Unspecified vulnerability in Best Practical Solutions RT 3.0.0 through 3.6.6 allows remote authenticated users to cause a denial of service (CPU or memory consumption) via unspecified vectors related to the Devel::StackTrace module for Perl.