CVE-2021-38562

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2021-38562
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-38562.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2021-38562
Related
Published
2021-10-18T09:15:08Z
Modified
2025-01-08T11:05:48.178760Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

Best Practical Request Tracker (RT) 4.2 before 4.2.17, 4.4 before 4.4.5, and 5.0 before 5.0.2 allows sensitive information disclosure via a timing attack against lib/RT/REST2/Middleware/Auth.pm.

References

Affected packages

Debian:11 / request-tracker4

Package

Name
request-tracker4
Purl
pkg:deb/debian/request-tracker4?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.4.4+dfsg-2+deb11u1

Affected versions

4.*

4.4.4+dfsg-2

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:12 / request-tracker4

Package

Name
request-tracker4
Purl
pkg:deb/debian/request-tracker4?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.4.4+dfsg-3

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:13 / request-tracker4

Package

Name
request-tracker4
Purl
pkg:deb/debian/request-tracker4?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.4.4+dfsg-3

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:12 / request-tracker5

Package

Name
request-tracker5
Purl
pkg:deb/debian/request-tracker5?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.0.3+dfsg-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:13 / request-tracker5

Package

Name
request-tracker5
Purl
pkg:deb/debian/request-tracker5?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.0.3+dfsg-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Git / github.com/bestpractical/rt

Affected ranges

Type
GIT
Repo
https://github.com/bestpractical/rt
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
70749bb66cb13dd70bd53340c371038a5f3ca57c
Fixed
70749bb66cb13dd70bd53340c371038a5f3ca57c

Affected versions

rt-0.*

rt-0.9.10
rt-0.9.11
rt-0.9.12
rt-0.9.13
rt-0.9.14
rt-0.9.15
rt-0.9.16
rt-0.9.17
rt-0.9.18
rt-0.9.19
rt-0.9.20
rt-0.99.1
rt-0.99.2
rt-0.99.3
rt-0.99.4
rt-0.99.4pre1
rt-0.99.5
rt-0.99.5pre1
rt-0.99.6
rt-0.99.6pre1
rt-0.99.6pre4
rt-0.99.6pre5
rt-0.99.6pre6
rt-0.99.7
rt-0.99.8
rt-0.99.8pre1
rt-0.99.8pre2
rt-0.99.8pre3
rt-0.99.8pre4
rt-0.99.8pre5
rt-0.99.8pre8
rt-0.99.8pre9

rt-1.*

rt-1.1.1
rt-1.1.10
rt-1.1.2
rt-1.1.3broken
rt-1.1.4pre
rt-1.1.5
rt-1.1.6
rt-1.1.7
rt-1.1.8
rt-1.1.9
rt-1.1pre.1
rt-1.3.0
rt-1.3.10
rt-1.3.100
rt-1.3.101
rt-1.3.102
rt-1.3.103
rt-1.3.103.private.pretest
rt-1.3.104
rt-1.3.105
rt-1.3.106
rt-1.3.11
rt-1.3.12
rt-1.3.13
rt-1.3.15
rt-1.3.16
rt-1.3.17
rt-1.3.18
rt-1.3.19
rt-1.3.20
rt-1.3.21
rt-1.3.22
rt-1.3.23
rt-1.3.24
rt-1.3.25
rt-1.3.26
rt-1.3.27
rt-1.3.28
rt-1.3.29
rt-1.3.30
rt-1.3.31
rt-1.3.32
rt-1.3.33
rt-1.3.34
rt-1.3.35
rt-1.3.36
rt-1.3.37
rt-1.3.38
rt-1.3.39
rt-1.3.40
rt-1.3.41
rt-1.3.42
rt-1.3.43
rt-1.3.44
rt-1.3.45
rt-1.3.46
rt-1.3.47
rt-1.3.48
rt-1.3.49
rt-1.3.49_01
rt-1.3.50
rt-1.3.51
rt-1.3.52
rt-1.3.53
rt-1.3.54
rt-1.3.55
rt-1.3.56
rt-1.3.57
rt-1.3.58
rt-1.3.59
rt-1.3.6
rt-1.3.60
rt-1.3.61
rt-1.3.62
rt-1.3.63
rt-1.3.64
rt-1.3.65
rt-1.3.66
rt-1.3.67
rt-1.3.68
rt-1.3.68_01
rt-1.3.68_02
rt-1.3.69
rt-1.3.7
rt-1.3.70
rt-1.3.71
rt-1.3.72
rt-1.3.73
rt-1.3.74
rt-1.3.75
rt-1.3.77
rt-1.3.78
rt-1.3.79
rt-1.3.79.test1
rt-1.3.8
rt-1.3.80
rt-1.3.81
rt-1.3.82
rt-1.3.83
rt-1.3.84
rt-1.3.85
rt-1.3.86
rt-1.3.87
rt-1.3.88
rt-1.3.89
rt-1.3.9
rt-1.3.90
rt-1.3.91
rt-1.3.92
rt-1.3.93
rt-1.3.94
rt-1.3.95
rt-1.3.95.test1
rt-1.3.95.test2
rt-1.3.96
rt-1.3.97
rt-1.3.98
rt-1.3.99
rt-1.pre1.2

rt-2.*

rt-2.0.0
rt-2.0.0.rc1
rt-2.0.0.rc2
rt-2.0.0.rc3
rt-2.0.1
rt-2.0.1.test1
rt-2.0.1.test2
rt-2.0.1.test3
rt-2.0.1.test4
rt-2.0.10
rt-2.0.10.test1
rt-2.0.10.test2
rt-2.0.10.test3
rt-2.0.10.test4
rt-2.0.11
rt-2.0.11pre1
rt-2.0.12.pre1
rt-2.0.12.pre2
rt-2.0.12.pre3
rt-2.0.2
rt-2.0.2test1
rt-2.0.2test2
rt-2.0.2test3
rt-2.0.3
rt-2.0.4
rt-2.0.5
rt-2.0.5.test1
rt-2.0.5.test2
rt-2.0.5.test3
rt-2.0.6
rt-2.0.6.pre1
rt-2.0.6.pre3
rt-2.0.6.pre4
rt-2.0.6.pre5
rt-2.0.6.pre6
rt-2.0.6.pre7
rt-2.0.7
rt-2.0.7pre1
rt-2.0.8
rt-2.0.8_01
rt-2.0.8pre1
rt-2.0.8pre2
rt-2.0.8pre3
rt-2.0.9
rt-2.0.9pre1
rt-2.0.9pre3
rt-2.0.9pre4
rt-2.0.9pre5
rt-2.0.9pre6
rt-2.0.9pre7
rt-2.0.9pre8
rt-2.0.9pre9
rt-2.1.1
rt-2.1.10
rt-2.1.11
rt-2.1.12
rt-2.1.13
rt-2.1.14
rt-2.1.15
rt-2.1.16
rt-2.1.17
rt-2.1.18
rt-2.1.19
rt-2.1.20
rt-2.1.21
rt-2.1.22
rt-2.1.23
rt-2.1.24
rt-2.1.25
rt-2.1.26
rt-2.1.27
rt-2.1.28
rt-2.1.29
rt-2.1.3
rt-2.1.30
rt-2.1.31
rt-2.1.32
rt-2.1.33
rt-2.1.34
rt-2.1.35
rt-2.1.36
rt-2.1.37
rt-2.1.38
rt-2.1.39
rt-2.1.4
rt-2.1.41
rt-2.1.42
rt-2.1.43
rt-2.1.44
rt-2.1.45
rt-2.1.46
rt-2.1.47
rt-2.1.48
rt-2.1.49
rt-2.1.5
rt-2.1.50
rt-2.1.51
rt-2.1.52
rt-2.1.53
rt-2.1.54
rt-2.1.55
rt-2.1.56
rt-2.1.57
rt-2.1.58
rt-2.1.59
rt-2.1.6
rt-2.1.60
rt-2.1.61
rt-2.1.62
rt-2.1.63
rt-2.1.64
rt-2.1.66
rt-2.1.67
rt-2.1.68
rt-2.1.69
rt-2.1.7
rt-2.1.70
rt-2.1.71
rt-2.1.72
rt-2.1.73
rt-2.1.74
rt-2.1.75
rt-2.1.76
rt-2.1.77
rt-2.1.78
rt-2.1.79
rt-2.1.8
rt-2.1.80
rt-2.1.81
rt-2.1.82
rt-2.1.83
rt-2.1.84
rt-2.1.85
rt-2.1.86
rt-2.1.87
rt-2.1.87777777
rt-2.1.88
rt-2.1.9

rt-3.*

rt-3.0.0
rt-3.0.0rc0
rt-3.0.0rc1
rt-3.0.0rc2
rt-3.0.0rc3
rt-3.0.0rc4
rt-3.0.1
rt-3.0.10
rt-3.0.10pre1
rt-3.0.10pre2
rt-3.0.10rc1
rt-3.0.11
rt-3.0.11rc1
rt-3.0.11rc2
rt-3.0.11rc3
rt-3.0.11rc4
rt-3.0.1pre1
rt-3.0.1pre2
rt-3.0.2
rt-3.0.2pre1
rt-3.0.2pre2
rt-3.0.2pre3
rt-3.0.2pre4
rt-3.0.2pre5
rt-3.0.2pre6
rt-3.0.3
rt-3.0.3pre1
rt-3.0.3pre2
rt-3.0.3pre3
rt-3.0.3pre4
rt-3.0.3pre5
rt-3.0.3rc1
rt-3.0.3rc2
rt-3.0.3rc3
rt-3.0.3rc4
rt-3.0.4
rt-3.0.4pre1
rt-3.0.4rc1
rt-3.0.4rc2
rt-3.0.5
rt-3.0.5pre1
rt-3.0.5pre2
rt-3.0.5pre3
rt-3.0.5pre4
rt-3.0.5pre5
rt-3.0.5pre6
rt-3.0.5rc1
rt-3.0.6
rt-3.0.6rc1
rt-3.0.7
rt-3.0.7_01
rt-3.0.7pre1
rt-3.0.7pre2
rt-3.0.7pre3
rt-3.0.7rc1
rt-3.0.8
rt-3.0.8pre1
rt-3.0.8pre2
rt-3.0.8rc1
rt-3.0.9
rt-3.0.9pre1
rt-3.0.9pre2
rt-3.0.9pre3
rt-3.0.9pre4
rt-3.0.9pre6
rt-3.1-beta-1
rt-3.1.10
rt-3.1.11
rt-3.1.12
rt-3.1.13
rt-3.1.14
rt-3.1.15
rt-3.1.16
rt-3.1.17
rt-3.1.2
rt-3.1.3
rt-3.1.4
rt-3.1.5
rt-3.1.6
rt-3.1.7
rt-3.1.8
rt-3.2.0
rt-3.2.0rc1
rt-3.2.0rc2
rt-3.2.0rc3
rt-3.2.0rc4
rt-3.2.1
rt-3.2.1rc1
rt-3.2.1rc2
rt-3.2.1rc3
rt-3.2.1rc4
rt-3.2.2
rt-3.2.2rc1
rt-3.2.3
rt-3.2.3rc1
rt-3.2.3rc2
rt-3.3.10
rt-3.3.11
rt-3.3.12
rt-3.3.13
rt-3.3.14
rt-3.3.15
rt-3.3.16
rt-3.3.2
rt-3.3.3
rt-3.3.4
rt-3.3.5
rt-3.3.6
rt-3.3.7
rt-3.3.8
rt-3.3.9
rt-3.4.0
rt-3.4.0rc1
rt-3.4.0rc2
rt-3.4.0rc3
rt-3.4.0rc4
rt-3.4.0rc5
rt-3.4.0rc6
rt-3.4.1
rt-3.4.2
rt-3.4.2rc1
rt-3.4.2rc2
rt-3.4.3
rt-3.4.3pre1
rt-3.4.3rc1
rt-3.4.3rc2
rt-3.4.4
rt-3.4.4pre1
rt-3.4.4pre2
rt-3.4.4pre3
rt-3.4.5
rt-3.4.5pre1
rt-3.4.5rc1
rt-3.4.5rc2
rt-3.4.6rc1
rt-3.4.CH6
rt-3.4.CH7
rt-3.5.1
rt-3.5.2
rt-3.5.3
rt-3.5.4
rt-3.5.5
rt-3.5.6
rt-3.5.7
rt-3.6.0
rt-3.6.0pre0
rt-3.6.0pre1
rt-3.6.0rc1
rt-3.6.0rc2
rt-3.6.0rc3
rt-3.6.1
rt-3.6.1pre2
rt-3.6.1rc1
rt-3.6.1rc2
rt-3.6.2
rt-3.6.2rc1
rt-3.6.2rc3
rt-3.6.2rc4
rt-3.6.2rc5
rt-3.6.3
rt-3.6.3rc1
rt-3.6.3rc2
rt-3.6.3rc3
rt-3.6.3rc4
rt-3.6.4
rt-3.6.4rc1
rt-3.6.4rc2
rt-3.6.5
rt-3.6.5RC1
rt-3.6.5RC2
rt-3.6.6
rt-3.6.6rc1
rt-3.6.6rc2
rt-3.6.6rc3
rt-3.6.7
rt-3.7.1
rt-3.7.15
rt-3.7.85
rt-3.7.86
rt-3.8.0rc1
rt-3.8.10
rt-3.8.10rc1
rt-3.8.11
rt-3.8.11rc1
rt-3.8.11rc2
rt-3.8.12
rt-3.8.13
rt-3.8.13rc1
rt-3.8.13rc2
rt-3.8.14
rt-3.8.14rc1
rt-3.8.15
rt-3.8.2
rt-3.8.2rc1
rt-3.8.2rc2
rt-3.8.3
rt-3.8.3rc1
rt-3.8.3rc2
rt-3.8.4
rt-3.8.4rc1
rt-3.8.5
rt-3.8.6
rt-3.8.6rc1
rt-3.8.7
rt-3.8.7rc1
rt-3.8.8
rt-3.8.8rc1
rt-3.8.8rc2
rt-3.8.8rc3
rt-3.8.8rc4
rt-3.8.9
rt-3.8.9rc1
rt-3.8.9rc2
rt-3.8.9rc3
rt-3.9-merge-rtfm
rt-3.9.4
rt-3.9.5
rt-3.9.6
rt-3.9.7

rt-4.*

rt-4.0.0
rt-4.0.0rc1
rt-4.0.0rc2
rt-4.0.0rc3
rt-4.0.0rc4
rt-4.0.0rc5
rt-4.0.0rc6
rt-4.0.0rc7
rt-4.0.0rc8
rt-4.0.1
rt-4.0.10
rt-4.0.10rc1
rt-4.0.11
rt-4.0.11rc1
rt-4.0.11rc2
rt-4.0.12
rt-4.0.12rc1
rt-4.0.13
rt-4.0.14
rt-4.0.14rc1
rt-4.0.14rc2
rt-4.0.15
rt-4.0.16
rt-4.0.17
rt-4.0.18
rt-4.0.18rc1
rt-4.0.19
rt-4.0.19rc1
rt-4.0.1rc1
rt-4.0.1rc2
rt-4.0.2
rt-4.0.20
rt-4.0.20rc1
rt-4.0.21
rt-4.0.21rc1
rt-4.0.22
rt-4.0.22rc1
rt-4.0.23
rt-4.0.23rc1
rt-4.0.24
rt-4.0.2rc1
rt-4.0.2rc2
rt-4.0.3
rt-4.0.3rc1
rt-4.0.3rc2
rt-4.0.4
rt-4.0.5
rt-4.0.5rc1
rt-4.0.6
rt-4.0.6rc1
rt-4.0.6rc2
rt-4.0.6rc3
rt-4.0.6rc4
rt-4.0.7
rt-4.0.7rc1
rt-4.0.8
rt-4.0.8rc1
rt-4.0.8rc2
rt-4.0.9
rt-4.0.9rc1
rt-4.1.13
rt-4.1.17
rt-4.1.19
rt-4.1.23
rt-4.1.5
rt-4.1.6
rt-4.1.7
rt-4.1.8
rt-4.2.0
rt-4.2.0rc1
rt-4.2.0rc2
rt-4.2.0rc3
rt-4.2.0rc4
rt-4.2.0rc5
rt-4.2.1
rt-4.2.10
rt-4.2.10rc1
rt-4.2.11
rt-4.2.11rc1
rt-4.2.11rc2
rt-4.2.12
rt-4.2.13
rt-4.2.13rc1
rt-4.2.14
rt-4.2.14rc1
rt-4.2.14rc2
rt-4.2.14rc3
rt-4.2.15
rt-4.2.15beta1
rt-4.2.16
rt-4.2.16beta1
rt-4.2.1rc1
rt-4.2.2
rt-4.2.2rc1
rt-4.2.3
rt-4.2.3rc1
rt-4.2.4
rt-4.2.4rc1
rt-4.2.5
rt-4.2.5rc1
rt-4.2.5rc2
rt-4.2.6
rt-4.2.6rc1
rt-4.2.7
rt-4.2.7rc1
rt-4.2.8
rt-4.2.9
rt-4.2.9rc1
rt-4.4.0
rt-4.4.0rc1
rt-4.4.0rc2
rt-4.4.0rc3
rt-4.4.1
rt-4.4.1rc1
rt-4.4.1rc2
rt-4.4.2
rt-4.4.2rc1
rt-4.4.2rc2
rt-4.4.2rc3
rt-4.4.3
rt-4.4.3beta1
rt-4.4.4
rt-4.4.4beta1
rt-4.4.4beta2
rt-4.6.0-pre1

rt-5.*

rt-5.0.0
rt-5.0.0alpha1
rt-5.0.0beta1
rt-5.0.0beta2
rt-5.0.1
rt-5.0.1beta1