CVE-2021-38562

Опубликовано: 18 окт. 2021

Источник: ubuntu

Приоритет: low

EPSS Низкий

CVSS2: 5

CVSS3: 7.5

Описание

Best Practical Request Tracker (RT) 4.2 before 4.2.17, 4.4 before 4.4.5, and 5.0 before 5.0.2 allows sensitive information disclosure via a timing attack against lib/RT/REST2/Middleware/Auth.pm.

Релиз	Статус	Примечание
bionic	ignored	end of standard support, was needs-triage
devel	released	4.4.4+dfsg-2ubuntu2
esm-apps/bionic	released	4.4.2-2ubuntu0.1~esm1
esm-apps/focal	released	4.4.3-2+deb10u3build0.20.04.1
esm-apps/jammy	released	4.4.4+dfsg-2ubuntu1.22.04.1
esm-apps/noble	released	4.4.4+dfsg-2ubuntu2
esm-apps/xenial	ignored	regressions likely
esm-infra-legacy/trusty	DNE
focal	released	4.4.3-2+deb10u3build0.20.04.1
hirsute	ignored	end of life

Показывать по

Релиз	Статус	Примечание
bionic	DNE
devel	not-affected	5.0.5+dfsg-2
esm-apps/jammy	released	5.0.1+dfsg-1ubuntu1+esm1
esm-apps/noble	not-affected	5.0.5+dfsg-2
esm-infra-legacy/trusty	DNE
esm-infra/focal	DNE
focal	DNE
hirsute	DNE
impish	ignored	end of life
jammy	needed

Показывать по

Ссылки на источники

EPSS

Процентиль: 25%

0.00085

Низкий

5 Medium

CVSS2

7.5 High

CVSS3

Связанные уязвимости

CVE-2021-38562

CVSS3: 7.5

nvd

больше 4 лет назад

Best Practical Request Tracker (RT) 4.2 before 4.2.17, 4.4 before 4.4.5, and 5.0 before 5.0.2 allows sensitive information disclosure via a timing attack against lib/RT/REST2/Middleware/Auth.pm.

CVE-2021-38562

CVSS3: 7.5

debian

больше 4 лет назад

Best Practical Request Tracker (RT) 4.2 before 4.2.17, 4.4 before 4.4. ...

GHSA-f58f-h8w5-jgjr

CVSS3: 7.5

github

больше 3 лет назад

Best Practical Request Tracker (RT) 4.2 before 4.2.17, 4.4 before 4.4.5, and 5.0 before 5.0.2 allows sensitive information disclosure via a timing attack against lib/RT/REST2/Middleware/Auth.pm.

EPSS

Процентиль: 25%

0.00085

Низкий

5 Medium

CVSS2

7.5 High

CVSS3

CVE-2021-38562

Описание

Пакет request-tracker4

Пакет request-tracker5

Ссылки на источники

Связанные уязвимости