Fluid Attacks Database

Description

Unspecified vulnerability in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13, when using the Apache::Session::File session store, allows remote attackers to obtain sensitive information (user preferences and caches) via unknown vectors, related to a "limited session re-use."

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	request-tracker4	>=0 <4.0.12-2	4.0.12-2
debian 12	request-tracker4	>=0 <4.0.12-2	4.0.12-2

Aliases

1. CVE-2013-33742. NVD-2013-33743. OSV-DEBIAN-2013-33744. OSV-2013-33745. SECURITY-TRACKER-CVE-2013-3374

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.