{"id":"CVE-2021-38562","details":"Best Practical Request Tracker (RT) 4.2 before 4.2.17, 4.4 before 4.4.5, and 5.0 before 5.0.2 allows sensitive information disclosure via a timing attack against lib/RT/REST2/Middleware/Auth.pm.","modified":"2026-03-14T08:43:42.401007Z","published":"2021-10-18T09:15:08.767Z","references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2JK57CEEXLQF7MGBCUX76DZHXML7LUSQ/"},{"type":"ADVISORY","url":"https://docs.bestpractical.com/release-notes/rt/index.html"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2022/06/msg00019.html"},{"type":"FIX","url":"https://github.com/bestpractical/rt/commit/70749bb66cb13dd70bd53340c371038a5f3ca57c"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/bestpractical/rt","events":[{"introduced":"8130561b24bc13ef2588cbcebfdecbdc305eefbb"},{"fixed":"1fd0c7614d6a204878f01f7c9b3578812df2faae"},{"introduced":"7197d3dade64d6ef63a329fe0e4e24bd05ca9cd9"},{"fixed":"edbeab18ff2a584d3da1bbcd58d4d0c3d180e25b"},{"introduced":"b88a9bf29c440aa6a71fd91c48b4016ec7ab92f3"},{"fixed":"185e82bc4d92ad7d6d5cc7ea4a949d9ad656c85e"},{"fixed":"70749bb66cb13dd70bd53340c371038a5f3ca57c"}],"database_specific":{"versions":[{"introduced":"4.2.0"},{"fixed":"4.2.17"},{"introduced":"4.4.0"},{"fixed":"4.4.5"},{"introduced":"5.0.0"},{"fixed":"5.0.2"}]}}],"versions":["rt-4.0.18","rt-4.0.18rc1","rt-4.0.19","rt-4.0.19rc1","rt-4.0.20","rt-4.0.20rc1","rt-4.0.21","rt-4.0.21rc1","rt-4.0.22","rt-4.0.22rc1","rt-4.0.23","rt-4.0.23rc1","rt-4.0.24","rt-4.2.0","rt-4.2.0rc5","rt-4.2.1","rt-4.2.10","rt-4.2.10rc1","rt-4.2.11","rt-4.2.11rc1","rt-4.2.11rc2","rt-4.2.12","rt-4.2.13","rt-4.2.13rc1","rt-4.2.14","rt-4.2.14rc1","rt-4.2.14rc2","rt-4.2.14rc3","rt-4.2.15","rt-4.2.15beta1","rt-4.2.16","rt-4.2.16beta1","rt-4.2.1rc1","rt-4.2.2","rt-4.2.2rc1","rt-4.2.3","rt-4.2.3rc1","rt-4.2.4","rt-4.2.4rc1","rt-4.2.5","rt-4.2.5rc1","rt-4.2.5rc2","rt-4.2.6","rt-4.2.6rc1","rt-4.2.7","rt-4.2.7rc1","rt-4.2.8","rt-4.2.9","rt-4.2.9rc1"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"35"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-38562.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}