Sunnavy

**Name of the Vulnerable Software and Affected Versions** Best Practical Request Tracker (RT) versions 4.2 through 4.2.16 Best Practical Request Tracker (RT) versions 4.4 through 4.4.4 Best Practical Request Tracker (RT) versions 5.0 through 5.0.1 **Description** The issue allows sensitive information disclosure via a timing attack against the `lib/RT/REST2/Middleware/Auth.pm` module. **Recommendations** For versions 4.2 through 4.2.16, update to version 4.2.17 or later. For versions 4.4 through 4.4.4, update to version 4.4.5 or later. For versions 5.0 through 5.0.1, update to version 5.0.2 or later.