FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-28 07:09:48 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
e14b9870-62a4-11ee-897b-000bab9f87f1	Request Tracker -- multiple vulnerabilities Request Tracker reports: CVE-2023-41259 SECURITY: RT is vulnerable to unvalidated email headers in incoming email and the mail-gateway REST interface. CVE-2023-41260 SECURITY: RT is vulnerable to information leakage via response messages returned from requests sent via the mail-gateway REST interface. CVE-2023-45024 SECURITY: RT 5.0 is vulnerable to information leakage via transaction searches made by authenticated users in the transaction query builder. Discovery 2023-10-18 Entry 2023-10-18 rt44 < 4.4.6 rt50 < 5.0.4 CVE-2023-41259 CVE-2023-41260 CVE-2023-45024 https://bestpractical.com/request-tracker/
416ca0f4-3fe0-11e9-bbdd-6805ca0b3d42	rt -- XSS via jQuery BestPractical reports: The version of jQuery used in RT 4.2 and 4.4 has a Cross-site Scripting (XSS) vulnerability when using cross-domain Ajax requests. This vulnerability is assigned CVE-2015-9251. RT does not use this jQuery feature so it is not directly vulnerable. jQuery version 1.12 no longer receives official updates, however a fix was posted with recommendations for applications to patch locally, so RT will follow this recommendation and ship with a patched version. Discovery 2019-03-05 Entry 2019-03-06 rt42 ge 4.2.0 lt 4.2.16 rt44 ge 4.4.0 lt 4.4.4 https://docs.bestpractical.com/release-notes/rt/4.4.4 https://docs.bestpractical.com/release-notes/rt/4.2.16 CVE-2015-9251

VuXML ID

Description

e14b9870-62a4-11ee-897b-000bab9f87f1

Request Tracker -- multiple vulnerabilities

Request Tracker reports:

CVE-2023-41259 SECURITY: RT is vulnerable to unvalidated email headers in incoming email and the mail-gateway REST interface.

CVE-2023-41260 SECURITY: RT is vulnerable to information leakage via response messages returned from requests sent via the mail-gateway REST interface.

CVE-2023-45024 SECURITY: RT 5.0 is vulnerable to information leakage via transaction searches made by authenticated users in the transaction query builder.

Discovery 2023-10-18
Entry 2023-10-18
rt44

< 4.4.6

rt50

< 5.0.4

CVE-2023-41259
CVE-2023-41260
CVE-2023-45024
https://bestpractical.com/request-tracker/

416ca0f4-3fe0-11e9-bbdd-6805ca0b3d42

rt -- XSS via jQuery

BestPractical reports:

The version of jQuery used in RT 4.2 and 4.4 has a Cross-site Scripting (XSS) vulnerability when using cross-domain Ajax requests. This vulnerability is assigned CVE-2015-9251. RT does not use this jQuery feature so it is not directly vulnerable. jQuery version 1.12 no longer receives official updates, however a fix was posted with recommendations for applications to patch locally, so RT will follow this recommendation and ship with a patched version.

Discovery 2019-03-05
Entry 2019-03-06
rt42

ge 4.2.0 lt 4.2.16

rt44

ge 4.4.0 lt 4.4.4

https://docs.bestpractical.com/release-notes/rt/4.4.4
https://docs.bestpractical.com/release-notes/rt/4.2.16
CVE-2015-9251