CVE-2023-41260

Name of the Vulnerable Software and Affected Versions Request Tracker (RT) versions 4.4.6 and earlier Request Tracker (RT) versions 5.x prior to 5.0.5

Description The issue allows information exposure in responses to mail-gateway REST API calls. This is due to excessive data output by the application when authenticated users search for transactions in the transaction query builder. Exploitation of this issue may allow a remote attacker to gain unauthorized access to confidential information.

Recommendations For versions prior to 4.4.7, update to version 4.4.7 or later. For versions 5.x prior to 5.0.5, update to version 5.0.5 or later. As a temporary workaround, consider restricting access to the mail-gateway REST API until a patch is available.