CVE-2023-41260

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Nov 3, 2023

Updated: Nov 13, 2023

Summary

CVE-2023-41260 is a newly disclosed vulnerability affecting the Best Practical Request Tracker (RT) software versions prior to 4.4.7 and 5.x prior to 5.0.5. This issue enables Information Exposure through responses to mail-gateway REST API calls, potentially allowing unauthorized parties to obtain sensitive data. Attackers may exploit this vulnerability by making specific API requests, resulting in the disclosure of potentially confidential information. Organizations using RT are advised to update to the latest patched versions as soon as possible to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Best Practical Solutions
Bestpractical

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/sdUVoi
https://www.cve.org/CVERecord?id=CVE-2023-41260
https://nvd.nist.gov/vuln/detail/CVE-2023-41260

Back to Vulnerability Database

CVE-2023-41260

CVSS 3.1 Score 7.5 of 10 (high)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations