CVE-2024-3262

Information exposure vulnerability in Request Tracker (RT)

Description

Information exposure vulnerability in RT software affecting version 4.4.1. This vulnerability allows an attacker with local access to the device to retrieve sensitive information about the application, such as vulnerability tickets, because the application stores the information in the browser cache, leading to information exposure despite session termination.

Remediation

Solution:

  • Vulnerability fixed by applying the following patches: https://github.com/bestpractical/rt/commit/ea07e767eaef5b202e8883051616d09806b8b48a.patch and https://github.com/bestpractical/rt/commit/468f86bd3e82c3b5b5ef7087d416a7509d4b1abe.patch . In future versions of RT, this solution will be included as a configurable option of the tool.

Category

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.02%
Affected: Best Practical Solutions Request Tracker
Published at:
Updated at:

References

Link Tags
https://www.incibe.es/incibe-cert/alerta-temprana/avisos/vulnerabilidad-de-exposicion-de-informacion-en-request-tracker-rt

Frequently Asked Questions

What is the severity of CVE-2024-3262?
CVE-2024-3262 has been scored as a medium severity vulnerability.
How to fix CVE-2024-3262?
To fix CVE-2024-3262: Vulnerability fixed by applying the following patches: https://github.com/bestpractical/rt/commit/ea07e767eaef5b202e8883051616d09806b8b48a.patch and https://github.com/bestpractical/rt/commit/468f86bd3e82c3b5b5ef7087d416a7509d4b1abe.patch . In future versions of RT, this solution will be included as a configurable option of the tool.
Is CVE-2024-3262 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-3262 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-3262?
CVE-2024-3262 affects Best Practical Solutions Request Tracker.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.