Not a user yet?
Log in Register for free Suggest a product
Update

USN-7692-1: Request Tracker vulnerabilities

Ubuntu DesktopUbuntu Desktop
Canonical

USN-7692-1: Request Tracker vulnerabilities
Publication date: 13 August 2025
Overview: Several security issues were fixed in Request Tracker.
Releases: 25.04 , 24.04 LTS , 22.04 LTS

Packages

  • request-tracker5 - An open source, enterprise-grade issue and ticket tracking system.

Details
It was discovered that Request Tracker was susceptible to timing
attacks. An attacker could possibly use this issue to access sensitive
information. This issue only affected Ubuntu 22.04 LTS. (CVE-2021-38562)

It was discovered that Request Tracker was susceptible to cross-site
scripting attacks when malicious attachments were supplied. An attacker
could possibly use this issue to execute arbitrary code. This issue
only affected Ubuntu 22.04 LTS. (CVE-2022-25802)

It was discovered that Request Tracker would incorrectly redirect users
in certain instances. An attacker could possibly use this issue to
cause a denial of service. This issue only affected Ubuntu 22.04 LTS.
(CVE-2022-25803)

Tom Wolters discovered that Request Tracker could leak information when
malicious email headers were supplied. An attacker could possibly
use this issue to access sensitive information. This issue only
affected Ubuntu 22.04 LTS. (CVE-2023-41259, CVE-2023-41260)

It was discovered that Request Tracker could leak information through
its transaction search. An attacker with access to the transaction
query builder of Request Tracker could possibly use this issue to
access sensitive information. This issue only affected Ubuntu 22.04
LTS. (CVE-2023-45024)

It was discovered that Request Tracker erroneously stored ticket
information in a web browser’s cache. An attacker with direct access to
a system could possibly use this issue to access sensitive information.
This issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS.
(CVE-2024-3262)

It was discovered that Request Tracker made use of an obsolete
cryptographic algorithm for emails sent with S/MIME encryption. An
attacker could possibly use this issue to access sensitive information.
(CVE-2025-2545)

It was discovered that Request Tracker was susceptible to cross-site
scripting attacks when malicious parameters were included in a search
URL. An attacker could possibly use this issue to execute arbitrary
code. (CVE-2025-30087)

It was discovered that Request Tracker was susceptible to cross-site
scripting attacks when malicious permalinks or assets were provided.
An attacker could possibly use this issue to execute arbitrary code.
(CVE-2025-31500, CVE-2025-31501)

Update instructions
The problem can be corrected by updating your system to the following package versions:

25.04 plucky

  • request-tracker5 – 5.0.7+dfsg-2ubuntu0.1
  • rt5-fcgi – 5.0.7+dfsg-2ubuntu0.1
  • rt5-standalone – 5.0.7+dfsg-2ubuntu0.1

24.04 noble

  • request-tracker5 – 5.0.5+dfsg-2ubuntu0.1~esm1
  • rt5-fcgi – 5.0.5+dfsg-2ubuntu0.1~esm1
  • rt5-standalone – 5.0.5+dfsg-2ubuntu0.1~esm1

22.04 jammy

  • request-tracker5 – 5.0.1+dfsg-1ubuntu1+esm1
  • rt5-fcgi – 5.0.1+dfsg-1ubuntu1+esm1
    rt5-standalone – 5.0.1+dfsg-1ubuntu1+esm1
More updatesTo the product
The manufacturer Canonical has not yet set up its devicebase profile. Content such as updates, compatibilities and support may only be maintained with a delay.
Receive Important Update Messages Stay tuned for upcoming Canonical updates

More from the Operating Systems section

Was the content helpful to you?

Advertisement Advertise here?
Udemy IT certification ad