CVE-2021-38562

Опубликовано: 18 окт. 2021

Источник: debian

EPSS Низкий

Описание

Best Practical Request Tracker (RT) 4.2 before 4.2.17, 4.4 before 4.4.5, and 5.0 before 5.0.2 allows sensitive information disclosure via a timing attack against lib/RT/REST2/Middleware/Auth.pm.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
request-tracker5	fixed	5.0.3+dfsg-1		package
request-tracker4	fixed	4.4.4+dfsg-3		package
request-tracker4	fixed	4.4.4+dfsg-2+deb11u1	bullseye	package
request-tracker4	fixed	4.4.3-2+deb10u1	buster	package

Примечания

https://github.com/bestpractical/rt/commit/70749bb66cb13dd70bd53340c371038a5f3ca57c (rt-5.0.2)
https://github.com/bestpractical/rt/commit/d16f8cf13c2af517ee55a85e7b91a0267477189f (rt-4.4.5)
https://github.com/bestpractical/rt/commit/d16f8cf13c2af517ee55a85e7b91a0267477189f (rt-4.2.17)

EPSS

Процентиль: 25%

0.00085

Низкий

Связанные уязвимости

CVE-2021-38562

CVSS3: 7.5

ubuntu

больше 4 лет назад

Best Practical Request Tracker (RT) 4.2 before 4.2.17, 4.4 before 4.4.5, and 5.0 before 5.0.2 allows sensitive information disclosure via a timing attack against lib/RT/REST2/Middleware/Auth.pm.

CVE-2021-38562

CVSS3: 7.5

nvd

больше 4 лет назад

Best Practical Request Tracker (RT) 4.2 before 4.2.17, 4.4 before 4.4.5, and 5.0 before 5.0.2 allows sensitive information disclosure via a timing attack against lib/RT/REST2/Middleware/Auth.pm.

GHSA-f58f-h8w5-jgjr

CVSS3: 7.5

github

больше 3 лет назад

Best Practical Request Tracker (RT) 4.2 before 4.2.17, 4.4 before 4.4.5, and 5.0 before 5.0.2 allows sensitive information disclosure via a timing attack against lib/RT/REST2/Middleware/Auth.pm.

EPSS

Процентиль: 25%

0.00085

Низкий