CVE-2021-38562 — Vulnetix

CVE-2021-38562 PUBLISHED CVSS 7.5 HIGH

Best Practical Request Tracker (RT) 4.2 before 4.2.17, 4.4 before 4.4.5, and 5.0 before 5.0.2 allows sensitive information disclosure via a timing attack against lib/RT/REST2/Middleware/Auth.pm.

EPSS 0.10% · 27.6th percentile

Risk Scores

CVSS v3.1

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS Score

0.10%

27.6th percentile

Affected Products

Vendor	Product	Versions
fedoraproject	fedora	35
n/a	n/a	n/a
bestpractical	request_tracker	4.2.0, 4.4.0, 5.0.0
debian	debian_linux	9.0

Timeline

Oct 18, 2021 CVE Published
Oct 19, 2021 EPSS Score
Dec 14, 2021 EPSS Score
Jan 6, 2022 EPSS Score
Feb 4, 2022 EPSS Score
Apr 1, 2022 EPSS Score
Apr 6, 2022 EPSS Score
Jun 1, 2022 EPSS Score
Jul 28, 2022 EPSS Score
Sep 22, 2022 EPSS Score
Nov 18, 2022 EPSS Score
Jan 13, 2023 EPSS Score

References

https://docs.bestpractical.com/release-notes/rt/index.html url
https://github.com/bestpractical/rt/commit/70749bb66cb13dd70bd53340c371038a5f3ca57c url
FEDORA-2021-825dd1879f vendor-advisory
[debian-lts-announce] 20220623 [SECURITY] [DLA 3057-1] request-tracker4 security update mailing-list
https://nvd.nist.gov/vuln/detail/CVE-2021-38562 advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2JK57CEEXLQF7MGBCUX76DZHXML7LUSQ url

Open in Interactive Console →