Unspecified vulnerability in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13, when using the Apache::Session::File session store, allows remote attackers to obtain sensitive information (user preferences and caches) via unknown vectors, related to a "limited session re-use."
{ "availability": "No subscription required", "binaries": [ { "binary_name": "request-tracker4", "binary_version": "4.0.19-1" }, { "binary_name": "rt4-apache2", "binary_version": "4.0.19-1" }, { "binary_name": "rt4-clients", "binary_version": "4.0.19-1" }, { "binary_name": "rt4-db-mysql", "binary_version": "4.0.19-1" }, { "binary_name": "rt4-db-postgresql", "binary_version": "4.0.19-1" }, { "binary_name": "rt4-db-sqlite", "binary_version": "4.0.19-1" }, { "binary_name": "rt4-doc-html", "binary_version": "4.0.19-1" }, { "binary_name": "rt4-fcgi", "binary_version": "4.0.19-1" } ] }