CVE-2024-3262

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions RT software version 4.4.1

Description The issue allows an attacker with local access to the device to retrieve sensitive information about the application, such as vulnerability tickets. This is because the application stores the information in the browser cache, leading to information exposure despite session termination.

Recommendations For RT software version 4.4.1, consider clearing the browser cache after each session to minimize the risk of information exposure. As a temporary workaround, restrict local access to the device to prevent potential attackers from retrieving sensitive information.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2024-3262

DLA-4157-1

DSA-5909-1

DSA-5911-1

USN-7692-1

Affected Products

Debian

Linuxmint

Ubuntu

CVE-2024-3262

Weakness Enumeration

Related Identifiers

Affected Products

References · 25