CVE-2015-1165

Description

RT (aka Request Tracker) 3.8.8 through 4.x before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to obtain sensitive RSS feed URLs and ticket data via unspecified vectors.

How to fix CVE-2015-1165

To remediate CVE-2015-1165, upgrade the affected package to a fixed version below.

• Debian/request-tracker4—upgrade to 4.2.8-3 or later

Is CVE-2015-1165 being exploited?

Low — EPSS is 0.4%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 4.2.8-3

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2015-1165