CVE-2024-3262
request-tracker4 - security update
CVSS 3.1: 5.5 (MEDIUM)
EPSS: 0.02%
Description
Information exposure vulnerability in RT software affecting version 4.4.1. This vulnerability allows an attacker with local access to the device to retrieve sensitive information about the application, such as vulnerability tickets, because the application stores the information in the browser cache, leading to information exposure despite session termination.
How to fix CVE-2024-3262
To remediate CVE-2024-3262, upgrade the affected package to a fixed version below.
- upgrade to 4.4.4+dfsg-2+deb11u4 or later
- upgrade to 4.4.4+dfsg-2+deb11u4 or later
- upgrade to 4.4.6+dfsg-1.1+deb12u2 or later
- upgrade to 5.0.3+dfsg-3~deb12u3 or later
- upgrade to 5.0.3+dfsg-3~deb12u3 or later
Is CVE-2024-3262 being exploited?
Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.
Affected packages (5)
- from 0, < 4.4.4+dfsg-2+deb11u4
- from 0, < 4.4.4+dfsg-2+deb11u4
- from 0, < 4.4.6+dfsg-1.1+deb12u2
- from 0, < 5.0.3+dfsg-3~deb12u3
- from 0, < 5.0.3+dfsg-3~deb12u3
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 5.5 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |