{"id":"CVE-2021-38562","details":"Best Practical Request Tracker (RT) 4.2 before 4.2.17, 4.4 before 4.4.5, and 5.0 before 5.0.2 allows sensitive information disclosure via a timing attack against lib/RT/REST2/Middleware/Auth.pm.","modified":"2026-04-11T12:37:02.393509Z","published":"2021-10-18T09:15:08.767Z","database_specific":{"unresolved_ranges":[{"source":"CPE_FIELD","cpe":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"9.0"}]},{"source":"CPE_FIELD","cpe":"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"35"}]}]},"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2JK57CEEXLQF7MGBCUX76DZHXML7LUSQ/"},{"type":"ADVISORY","url":"https://docs.bestpractical.com/release-notes/rt/index.html"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2022/06/msg00019.html"},{"type":"FIX","url":"https://github.com/bestpractical/rt/commit/70749bb66cb13dd70bd53340c371038a5f3ca57c"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/bestpractical/rt","events":[{"introduced":"8130561b24bc13ef2588cbcebfdecbdc305eefbb"},{"fixed":"1fd0c7614d6a204878f01f7c9b3578812df2faae"},{"introduced":"7197d3dade64d6ef63a329fe0e4e24bd05ca9cd9"},{"fixed":"edbeab18ff2a584d3da1bbcd58d4d0c3d180e25b"},{"introduced":"b88a9bf29c440aa6a71fd91c48b4016ec7ab92f3"},{"fixed":"185e82bc4d92ad7d6d5cc7ea4a949d9ad656c85e"},{"fixed":"70749bb66cb13dd70bd53340c371038a5f3ca57c"}],"database_specific":{"source":["CPE_FIELD","REFERENCES"],"cpe":"cpe:2.3:a:bestpractical:request_tracker:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"4.2.0"},{"fixed":"4.2.17"},{"introduced":"4.4.0"},{"fixed":"4.4.5"},{"introduced":"5.0.0"},{"fixed":"5.0.2"}]}}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-38562.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}