{"id":"USN-7692-1","summary":"request-tracker5 vulnerabilities","details":"It was discovered that Request Tracker was susceptible to timing\nattacks. An attacker could possibly use this issue to access sensitive\ninformation. This issue only affected Ubuntu 22.04 LTS. (CVE-2021-38562)\n\nIt was discovered that Request Tracker was susceptible to cross-site\nscripting attacks when malicious attachments were supplied. An attacker\ncould possibly use this issue to execute arbitrary code. This issue\nonly affected Ubuntu 22.04 LTS. (CVE-2022-25802)\n\nIt was discovered that Request Tracker would incorrectly redirect users\nin certain instances. An attacker could possibly use this issue to\ncause a denial of service. This issue only affected Ubuntu 22.04 LTS.\n(CVE-2022-25803)\n\nTom Wolters discovered that Request Tracker could leak information when\nmalicious email headers were supplied. An attacker could possibly\nuse this issue to access sensitive information. This issue only\naffected Ubuntu 22.04 LTS. (CVE-2023-41259, CVE-2023-41260)\n\nIt was discovered that Request Tracker could leak information through\nits transaction search. An attacker with access to the transaction\nquery builder of Request Tracker could possibly use this issue to\naccess sensitive information. This issue only affected Ubuntu 22.04\nLTS. (CVE-2023-45024)\n\nIt was discovered that Request Tracker erroneously stored ticket\ninformation in a web browser's cache. An attacker with direct access to\na system could possibly use this issue to access sensitive information.\nThis issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS.\n(CVE-2024-3262)\n\nIt was discovered that Request Tracker made use of an obsolete\ncryptographic algorithm for emails sent with S/MIME encryption. An\nattacker could possibly use this issue to access sensitive information.\n(CVE-2025-2545)\n\nIt was discovered that Request Tracker was susceptible to cross-site\nscripting attacks when malicious parameters were included in a search\nURL. An attacker could possibly use this issue to execute arbitrary\ncode. (CVE-2025-30087)\n\nIt was discovered that Request Tracker was susceptible to cross-site\nscripting attacks when malicious permalinks or assets were provided.\nAn attacker could possibly use this issue to execute arbitrary code.\n(CVE-2025-31500, CVE-2025-31501)","modified":"2026-02-10T04:49:42Z","published":"2025-08-13T15:40:22Z","related":["UBUNTU-CVE-2021-38562","UBUNTU-CVE-2022-25802","UBUNTU-CVE-2022-25803","UBUNTU-CVE-2023-41259","UBUNTU-CVE-2023-41260","UBUNTU-CVE-2023-45024","UBUNTU-CVE-2024-3262","UBUNTU-CVE-2025-2545","UBUNTU-CVE-2025-30087","UBUNTU-CVE-2025-31500","UBUNTU-CVE-2025-31501"],"upstream":["CVE-2021-38562","CVE-2022-25802","CVE-2022-25803","CVE-2023-41259","CVE-2023-41260","CVE-2023-45024","CVE-2024-3262","CVE-2025-2545","CVE-2025-30087","CVE-2025-31500","CVE-2025-31501","UBUNTU-CVE-2021-38562","UBUNTU-CVE-2022-25802","UBUNTU-CVE-2022-25803","UBUNTU-CVE-2023-41259","UBUNTU-CVE-2023-41260","UBUNTU-CVE-2023-45024","UBUNTU-CVE-2024-3262","UBUNTU-CVE-2025-2545","UBUNTU-CVE-2025-30087","UBUNTU-CVE-2025-31500","UBUNTU-CVE-2025-31501"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-7692-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-38562"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-25802"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-25803"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-41259"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-41260"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-45024"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-3262"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2025-2545"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2025-30087"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2025-31500"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2025-31501"}],"affected":[{"package":{"name":"request-tracker5","ecosystem":"Ubuntu:Pro:22.04:LTS","purl":"pkg:deb/ubuntu/request-tracker5@5.0.1+dfsg-1ubuntu1+esm1?arch=source&distro=esm-apps/jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.0.1+dfsg-1ubuntu1+esm1"}]}],"versions":["5.0.1+dfsg-1ubuntu1"],"ecosystem_specific":{"binaries":[{"binary_version":"5.0.1+dfsg-1ubuntu1+esm1","binary_name":"request-tracker5"},{"binary_version":"5.0.1+dfsg-1ubuntu1+esm1","binary_name":"rt5-apache2"},{"binary_version":"5.0.1+dfsg-1ubuntu1+esm1","binary_name":"rt5-clients"},{"binary_version":"5.0.1+dfsg-1ubuntu1+esm1","binary_name":"rt5-db-mysql"},{"binary_version":"5.0.1+dfsg-1ubuntu1+esm1","binary_name":"rt5-db-postgresql"},{"binary_version":"5.0.1+dfsg-1ubuntu1+esm1","binary_name":"rt5-db-sqlite"},{"binary_version":"5.0.1+dfsg-1ubuntu1+esm1","binary_name":"rt5-doc-html"},{"binary_version":"5.0.1+dfsg-1ubuntu1+esm1","binary_name":"rt5-fcgi"},{"binary_version":"5.0.1+dfsg-1ubuntu1+esm1","binary_name":"rt5-standalone"}],"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro"},"database_specific":{"cves_map":{"cves":[{"id":"CVE-2021-38562","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2022-25802","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2022-25803","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2023-41259","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2023-41260","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2023-45024","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2024-3262","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2025-2545","severity":[{"score":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N","type":"CVSS_V4"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2025-30087","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2025-31500","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2025-31501","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}],"ecosystem":"Ubuntu:Pro:22.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7692-1.json"}},{"package":{"name":"request-tracker5","ecosystem":"Ubuntu:Pro:24.04:LTS","purl":"pkg:deb/ubuntu/request-tracker5@5.0.5+dfsg-2ubuntu0.1~esm1?arch=source&distro=esm-apps/noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.0.5+dfsg-2ubuntu0.1~esm1"}]}],"versions":["5.0.1+dfsg-1ubuntu1","5.0.5+dfsg-2"],"ecosystem_specific":{"binaries":[{"binary_version":"5.0.5+dfsg-2ubuntu0.1~esm1","binary_name":"request-tracker5"},{"binary_version":"5.0.5+dfsg-2ubuntu0.1~esm1","binary_name":"rt5-apache2"},{"binary_version":"5.0.5+dfsg-2ubuntu0.1~esm1","binary_name":"rt5-clients"},{"binary_version":"5.0.5+dfsg-2ubuntu0.1~esm1","binary_name":"rt5-db-mysql"},{"binary_version":"5.0.5+dfsg-2ubuntu0.1~esm1","binary_name":"rt5-db-postgresql"},{"binary_version":"5.0.5+dfsg-2ubuntu0.1~esm1","binary_name":"rt5-db-sqlite"},{"binary_version":"5.0.5+dfsg-2ubuntu0.1~esm1","binary_name":"rt5-doc-html"},{"binary_version":"5.0.5+dfsg-2ubuntu0.1~esm1","binary_name":"rt5-fcgi"},{"binary_version":"5.0.5+dfsg-2ubuntu0.1~esm1","binary_name":"rt5-standalone"}],"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro"},"database_specific":{"cves_map":{"cves":[{"id":"CVE-2024-3262","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2025-2545","severity":[{"score":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N","type":"CVSS_V4"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2025-30087","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2025-31500","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2025-31501","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}],"ecosystem":"Ubuntu:Pro:24.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7692-1.json"}}],"schema_version":"1.7.3"}