Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
The following issues are addressed with these security updates: - RT is vulnerable to unvalidated email headers in incoming email and the mail-gateway REST interface. This vulnerability is assigned CVE-2023-41259. - RT is vulnerable to information leakage via response messages returned from requests sent via the mail-gateway REST interface. This vulnerability is assigned CVE-2023-41260. - RT 5.0 is vulnerable to information leakage via transaction searches made by authenticated users in the transaction query builder. This vulnerability is assigned CVE-2023-45024. - RT 5.0 can reveal information about data on various RT objects in errors and other response messages to REST 2 requests.
- Loading branch information