CVE-2024-3262 — Vulnetix

CVE-2024-3262 PUBLISHED CVSS 5.5 MEDIUM

Information exposure vulnerability in RT software affecting version 4.4.1. This vulnerability allows an attacker with local access to the device to retrieve sensitive information about the application, such as vulnerability tickets, because the application stores the information in the browser cache, leading to information exposure despite session termination.

EPSS 0.02% · 5.7th percentile

Risk Scores

CVSS 3.1

5.5

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS Score

0.02%

5.7th percentile

Affected Products

Vendor	Product	Versions
Best Practical Solutions	Request Tracker	4.4.1

Exploit Intelligence

https://lists.debian.org/debian-lts-announce/2025/05/msg00009.html (circl)
https://www.incibe.es/incibe-cert/alerta-temprana/avisos/vulnerabilidad-de-exposicion-de-informacion-en-request-tracker-rt (circl)

Timeline

Apr 4, 2024 CVE Published
Apr 5, 2024 EPSS Score
Apr 30, 2024 EPSS Score
May 26, 2024 EPSS Score
Jun 21, 2024 EPSS Score
Jul 16, 2024 EPSS Score
Aug 10, 2024 EPSS Score
Sep 5, 2024 EPSS Score
Sep 30, 2024 EPSS Score
Oct 4, 2024 Coalition ESS Score
Oct 25, 2024 EPSS Score
Nov 19, 2024 EPSS Score

References

https://www.incibe.es/incibe-cert/alerta-temprana/avisos/vulnerabilidad-de-exposicion-de-informacion-en-request-tracker-rt url
https://lists.debian.org/debian-lts-announce/2025/05/msg00009.html url
https://nvd.nist.gov/vuln/detail/CVE-2024-3262 advisory

Open in Interactive Console →