|Description||Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 allows remote authenticated users to read (1) hashes of former passwords and (2) ticket correspondence history by leveraging access to a privileged account.|
|Source||CVE (at NVD; LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)|
|NVD severity||medium (attack range: remote)|
Vulnerable and fixed packages
The table below lists information on source packages.
|request-tracker4 (PTS)||wheezy (security), wheezy||4.0.7-5+deb7u4||fixed|
|jessie (security), jessie||4.2.8-3+deb8u1||fixed|
The information below is based on the following data on fixed versions.