FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Request Tracker -- information exposure vulnerability

Affected packages
rt50 < 5.0.6

Details

VuXML ID: 51498ee4-39a1-11ef-b609-002590c1f29c
Discovery: 2024-04-04
Entry: 2024-07-04

Request Tracker reports:

CVE-2024-3262 describes previously viewed pages being stored in the browser cache, which is the typical default behavior of most browsers to enable the "back" button. Someone who gains access to a host computer could potentially view ticket data using the back button, even after logging out of RT. The CVE specifically references RT version 4.4.1, but this behavior is present in most browsers viewing all versions of RT before 5.0.6.

References

CVE Name: CVE-2024-3262
URL: https://github.com/advisories/GHSA-6426-p644-ffcf