Explore top 10 tips to secure your open-source projects now. Read More
×CVE-2016-6127
It was discovered that Request Tracker is vulnerable to a cross-site
scripting (XSS) attack if an attacker uploads a malicious file with
a certain content type. Installations which use the
AlwaysDownloadAttachments config setting are unaffected by this
flaw. The applied fix addresses all existant and future uploaded
attachments.
CVE-2017-5361
It was discovered that Request Tracker is vulnerable to timing
side-channel attacks for user passwords.
CVE-2017-5943
It was discovered that Request Tracker is prone to an information
leak of cross-site request forgery (CSRF) verification tokens if a
user is tricked into visiting a specially crafted URL by an
attacker.
CVE-2017-5944
It was discovered that Request Tracker is prone to a remote code
execution vulnerability in the dashboard subscription interface. A
privileged attacker can take advantage of this flaw through
carefully-crafted saved search names to cause unexpected code to be
...
Get the latest Linux and open source security news straight to your inbox.