FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-09-13 07:13:07 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
e14b9870-62a4-11ee-897b-000bab9f87f1	Request Tracker -- multiple vulnerabilities Request Tracker reports: CVE-2023-41259 SECURITY: RT is vulnerable to unvalidated email headers in incoming email and the mail-gateway REST interface. CVE-2023-41260 SECURITY: RT is vulnerable to information leakage via response messages returned from requests sent via the mail-gateway REST interface. CVE-2023-45024 SECURITY: RT 5.0 is vulnerable to information leakage via transaction searches made by authenticated users in the transaction query builder. Discovery 2023-10-18 Entry 2023-10-18 rt44 < 4.4.6 rt50 < 5.0.4 CVE-2023-41259 CVE-2023-41260 CVE-2023-45024 https://bestpractical.com/request-tracker/
51498ee4-39a1-11ef-b609-002590c1f29c	Request Tracker -- information exposure vulnerability Request Tracker reports: CVE-2024-3262 describes previously viewed pages being stored in the browser cache, which is the typical default behavior of most browsers to enable the "back" button. Someone who gains access to a host computer could potentially view ticket data using the back button, even after logging out of RT. The CVE specifically references RT version 4.4.1, but this behavior is present in most browsers viewing all versions of RT before 5.0.6. Discovery 2024-04-04 Entry 2024-07-04 rt50 < 5.0.6 CVE-2024-3262 https://github.com/advisories/GHSA-6426-p644-ffcf

VuXML ID

Description

e14b9870-62a4-11ee-897b-000bab9f87f1

Request Tracker -- multiple vulnerabilities

Request Tracker reports:

CVE-2023-41259 SECURITY: RT is vulnerable to unvalidated email headers in incoming email and the mail-gateway REST interface.

CVE-2023-41260 SECURITY: RT is vulnerable to information leakage via response messages returned from requests sent via the mail-gateway REST interface.

CVE-2023-45024 SECURITY: RT 5.0 is vulnerable to information leakage via transaction searches made by authenticated users in the transaction query builder.

Discovery 2023-10-18
Entry 2023-10-18
rt44

< 4.4.6

rt50

< 5.0.4

CVE-2023-41259
CVE-2023-41260
CVE-2023-45024
https://bestpractical.com/request-tracker/

51498ee4-39a1-11ef-b609-002590c1f29c

Request Tracker -- information exposure vulnerability

Request Tracker reports:

CVE-2024-3262 describes previously viewed pages being stored in the browser cache, which is the typical default behavior of most browsers to enable the "back" button. Someone who gains access to a host computer could potentially view ticket data using the back button, even after logging out of RT. The CVE specifically references RT version 4.4.1, but this behavior is present in most browsers viewing all versions of RT before 5.0.6.

Discovery 2024-04-04
Entry 2024-07-04
rt50

< 5.0.6

CVE-2024-3262
https://github.com/advisories/GHSA-6426-p644-ffcf