USN-7692-1

See a problem?
Please try reporting it to the source first.
Source
https://ubuntu.com/security/notices/USN-7692-1
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7692-1.json
JSON Data
https://api.osv.dev/v1/vulns/USN-7692-1
Upstream
Related
Published
2025-08-13T15:40:22.214074Z
Modified
2025-08-19T08:30:52.687252Z
Summary
request-tracker5 vulnerabilities
Details

It was discovered that Request Tracker was susceptible to timing attacks. An attacker could possibly use this issue to access sensitive information. This issue only affected Ubuntu 22.04 LTS. (CVE-2021-38562)

It was discovered that Request Tracker was susceptible to cross-site scripting attacks when malicious attachments were supplied. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-25802)

It was discovered that Request Tracker would incorrectly redirect users in certain instances. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-25803)

Tom Wolters discovered that Request Tracker could leak information when malicious email headers were supplied. An attacker could possibly use this issue to access sensitive information. This issue only affected Ubuntu 22.04 LTS. (CVE-2023-41259, CVE-2023-41260)

It was discovered that Request Tracker could leak information through its transaction search. An attacker with access to the transaction query builder of Request Tracker could possibly use this issue to access sensitive information. This issue only affected Ubuntu 22.04 LTS. (CVE-2023-45024)

It was discovered that Request Tracker erroneously stored ticket information in a web browser's cache. An attacker with direct access to a system could possibly use this issue to access sensitive information. This issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2024-3262)

It was discovered that Request Tracker made use of an obsolete cryptographic algorithm for emails sent with S/MIME encryption. An attacker could possibly use this issue to access sensitive information. (CVE-2025-2545)

It was discovered that Request Tracker was susceptible to cross-site scripting attacks when malicious parameters were included in a search URL. An attacker could possibly use this issue to execute arbitrary code. (CVE-2025-30087)

It was discovered that Request Tracker was susceptible to cross-site scripting attacks when malicious permalinks or assets were provided. An attacker could possibly use this issue to execute arbitrary code. (CVE-2025-31500, CVE-2025-31501)

References

Affected packages

Ubuntu:Pro:22.04:LTS / request-tracker5

Package

Name
request-tracker5
Purl
pkg:deb/ubuntu/request-tracker5@5.0.1+dfsg-1ubuntu1+esm1?arch=source&distro=esm-apps/jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.0.1+dfsg-1ubuntu1+esm1

Affected versions

5.*

5.0.1+dfsg-1ubuntu1

Ecosystem specific 

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "5.0.1+dfsg-1ubuntu1+esm1",
            "binary_name": "request-tracker5"
        },
        {
            "binary_version": "5.0.1+dfsg-1ubuntu1+esm1",
            "binary_name": "rt5-apache2"
        },
        {
            "binary_version": "5.0.1+dfsg-1ubuntu1+esm1",
            "binary_name": "rt5-clients"
        },
        {
            "binary_version": "5.0.1+dfsg-1ubuntu1+esm1",
            "binary_name": "rt5-db-mysql"
        },
        {
            "binary_version": "5.0.1+dfsg-1ubuntu1+esm1",
            "binary_name": "rt5-db-postgresql"
        },
        {
            "binary_version": "5.0.1+dfsg-1ubuntu1+esm1",
            "binary_name": "rt5-db-sqlite"
        },
        {
            "binary_version": "5.0.1+dfsg-1ubuntu1+esm1",
            "binary_name": "rt5-doc-html"
        },
        {
            "binary_version": "5.0.1+dfsg-1ubuntu1+esm1",
            "binary_name": "rt5-fcgi"
        },
        {
            "binary_version": "5.0.1+dfsg-1ubuntu1+esm1",
            "binary_name": "rt5-standalone"
        }
    ]
}

Ubuntu:Pro:24.04:LTS / request-tracker5

Package

Name
request-tracker5
Purl
pkg:deb/ubuntu/request-tracker5@5.0.5+dfsg-2ubuntu0.1~esm1?arch=source&distro=esm-apps/noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.0.5+dfsg-2ubuntu0.1~esm1

Affected versions

5.*

5.0.1+dfsg-1ubuntu1
5.0.5+dfsg-2

Ecosystem specific 

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "5.0.5+dfsg-2ubuntu0.1~esm1",
            "binary_name": "request-tracker5"
        },
        {
            "binary_version": "5.0.5+dfsg-2ubuntu0.1~esm1",
            "binary_name": "rt5-apache2"
        },
        {
            "binary_version": "5.0.5+dfsg-2ubuntu0.1~esm1",
            "binary_name": "rt5-clients"
        },
        {
            "binary_version": "5.0.5+dfsg-2ubuntu0.1~esm1",
            "binary_name": "rt5-db-mysql"
        },
        {
            "binary_version": "5.0.5+dfsg-2ubuntu0.1~esm1",
            "binary_name": "rt5-db-postgresql"
        },
        {
            "binary_version": "5.0.5+dfsg-2ubuntu0.1~esm1",
            "binary_name": "rt5-db-sqlite"
        },
        {
            "binary_version": "5.0.5+dfsg-2ubuntu0.1~esm1",
            "binary_name": "rt5-doc-html"
        },
        {
            "binary_version": "5.0.5+dfsg-2ubuntu0.1~esm1",
            "binary_name": "rt5-fcgi"
        },
        {
            "binary_version": "5.0.5+dfsg-2ubuntu0.1~esm1",
            "binary_name": "rt5-standalone"
        }
    ]
}

Ubuntu:25.04 / request-tracker5

Package

Name
request-tracker5
Purl
pkg:deb/ubuntu/request-tracker5@5.0.7+dfsg-2ubuntu0.1?arch=source&distro=plucky

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.0.7+dfsg-2ubuntu0.1

Affected versions

5.*

5.0.5+dfsg-2ubuntu1
5.0.7+dfsg-2

Ecosystem specific 

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "5.0.7+dfsg-2ubuntu0.1",
            "binary_name": "request-tracker5"
        },
        {
            "binary_version": "5.0.7+dfsg-2ubuntu0.1",
            "binary_name": "rt5-apache2"
        },
        {
            "binary_version": "5.0.7+dfsg-2ubuntu0.1",
            "binary_name": "rt5-clients"
        },
        {
            "binary_version": "5.0.7+dfsg-2ubuntu0.1",
            "binary_name": "rt5-db-mysql"
        },
        {
            "binary_version": "5.0.7+dfsg-2ubuntu0.1",
            "binary_name": "rt5-db-postgresql"
        },
        {
            "binary_version": "5.0.7+dfsg-2ubuntu0.1",
            "binary_name": "rt5-db-sqlite"
        },
        {
            "binary_version": "5.0.7+dfsg-2ubuntu0.1",
            "binary_name": "rt5-doc-html"
        },
        {
            "binary_version": "5.0.7+dfsg-2ubuntu0.1",
            "binary_name": "rt5-fcgi"
        },
        {
            "binary_version": "5.0.7+dfsg-2ubuntu0.1",
            "binary_name": "rt5-standalone"
        }
    ]
}