{"id":"CVE-2023-41259","details":"Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Disclosure via fake or spoofed RT email headers in an email message or a mail-gateway REST API call.","modified":"2026-03-14T12:17:31.514342Z","published":"2023-11-03T05:15:29.490Z","references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2023/10/msg00046.html"},{"type":"ADVISORY","url":"https://docs.bestpractical.com/release-notes/rt/4.4.7"},{"type":"ADVISORY","url":"https://docs.bestpractical.com/release-notes/rt/5.0.5"},{"type":"ADVISORY","url":"https://docs.bestpractical.com/release-notes/rt/index.html"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-41259.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"4.4.7"}]},{"events":[{"introduced":"5.0.0"},{"fixed":"5.0.5"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}