Fluid Attacks Database

Description

Best Practical Request Tracker (RT) 4.2 before 4.2.17, 4.4 before 4.4.5, and 5.0 before 5.0.2 allows sensitive information disclosure via a timing attack against lib/RT/REST2/Middleware/Auth.pm.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 12	request-tracker4	>=0 <4.4.4+dfsg-3	4.4.4+dfsg-3
debian 12	request-tracker5	>=0 <5.0.3+dfsg-1	5.0.3+dfsg-1
debian 13	request-tracker5	>=0 <5.0.3+dfsg-1	5.0.3+dfsg-1
debian 14	request-tracker5	>=0 <5.0.3+dfsg-1	5.0.3+dfsg-1
debian 11	request-tracker4	=4.4.4+dfsg-2 \|\| >=0 <4.4.4+dfsg-2+deb11u1	4.4.4+dfsg-2+deb11u1

Aliases

1. CVE-2021-385622. NVD-2021-385623. OSV-DEBIAN-2021-385624. OSV-2021-385625. SECURITY-TRACKER-CVE-2021-38562

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.