Unspecified vulnerability in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13, when using the Apache::Session::File session store, allows remote attackers to obtain sensitive information (user preferences and caches) via unknown vectors, related to a "limited session re-use."
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "4.0.19-1", "binary_name": "request-tracker4" }, { "binary_version": "4.0.19-1", "binary_name": "rt4-apache2" }, { "binary_version": "4.0.19-1", "binary_name": "rt4-clients" }, { "binary_version": "4.0.19-1", "binary_name": "rt4-db-mysql" }, { "binary_version": "4.0.19-1", "binary_name": "rt4-db-postgresql" }, { "binary_version": "4.0.19-1", "binary_name": "rt4-db-sqlite" }, { "binary_version": "4.0.19-1", "binary_name": "rt4-doc-html" }, { "binary_version": "4.0.19-1", "binary_name": "rt4-fcgi" } ] }