Packages
- request-tracker5 - An open source, enterprise-grade issue and ticket tracking system.
Details
It was discovered that Request Tracker was susceptible to timing
attacks. An attacker could possibly use this issue to access sensitive
information. This issue only affected Ubuntu 22.04 LTS. (CVE-2021-38562)
It was discovered that Request Tracker was susceptible to cross-site
scripting attacks when malicious attachments were supplied. An attacker
could possibly use this issue to execute arbitrary code. This issue
only affected Ubuntu 22.04 LTS. (CVE-2022-25802)
It was discovered that Request Tracker would incorrectly redirect users
in certain instances. An attacker could possibly use this issue to
cause a denial of service. This issue only affected Ubuntu 22.04 LTS.
(CVE-2022-25803)
Tom Wolters discovered that Request Tracker could leak information when
malicious email headers were supplied. An attacker...
It was discovered that Request Tracker was susceptible to timing
attacks. An attacker could possibly use this issue to access sensitive
information. This issue only affected Ubuntu 22.04 LTS. (CVE-2021-38562)
It was discovered that Request Tracker was susceptible to cross-site
scripting attacks when malicious attachments were supplied. An attacker
could possibly use this issue to execute arbitrary code. This issue
only affected Ubuntu 22.04 LTS. (CVE-2022-25802)
It was discovered that Request Tracker would incorrectly redirect users
in certain instances. An attacker could possibly use this issue to
cause a denial of service. This issue only affected Ubuntu 22.04 LTS.
(CVE-2022-25803)
Tom Wolters discovered that Request Tracker could leak information when
malicious email headers were supplied. An attacker could possibly
use this issue to access sensitive information. This issue only
affected Ubuntu 22.04 LTS. (CVE-2023-41259, CVE-2023-41260)
It was discovered that Request Tracker could leak information through
its transaction search. An attacker with access to the transaction
query builder of Request Tracker could possibly use this issue to
access sensitive information. This issue only affected Ubuntu 22.04
LTS. (CVE-2023-45024)
It was discovered that Request Tracker erroneously stored ticket
information in a web browser's cache. An attacker with direct access to
a system could possibly use this issue to access sensitive information.
This issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS.
(CVE-2024-3262)
It was discovered that Request Tracker made use of an obsolete
cryptographic algorithm for emails sent with S/MIME encryption. An
attacker could possibly use this issue to access sensitive information.
(CVE-2025-2545)
It was discovered that Request Tracker was susceptible to cross-site
scripting attacks when malicious parameters were included in a search
URL. An attacker could possibly use this issue to execute arbitrary
code. (CVE-2025-30087)
It was discovered that Request Tracker was susceptible to cross-site
scripting attacks when malicious permalinks or assets were provided.
An attacker could possibly use this issue to execute arbitrary code.
(CVE-2025-31500, CVE-2025-31501)
Update instructions
After a standard system update you need to restart Request Tracker to make all the necessary changes.
Learn more about how to get the fixes.The problem can be corrected by updating your system to the following package versions:
| Ubuntu Release | Package Version | ||
|---|---|---|---|
| 25.04 plucky | request-tracker5 – 5.0.7+dfsg-2ubuntu0.1 | ||
| rt5-fcgi – 5.0.7+dfsg-2ubuntu0.1 | |||
| rt5-standalone – 5.0.7+dfsg-2ubuntu0.1 | |||
| 24.04 noble | request-tracker5 – 5.0.5+dfsg-2ubuntu0.1~esm1 | ||
| rt5-fcgi – 5.0.5+dfsg-2ubuntu0.1~esm1 | |||
| rt5-standalone – 5.0.5+dfsg-2ubuntu0.1~esm1 | |||
| 22.04 jammy | request-tracker5 – 5.0.1+dfsg-1ubuntu1+esm1 | ||
| rt5-fcgi – 5.0.1+dfsg-1ubuntu1+esm1 | |||
| rt5-standalone – 5.0.1+dfsg-1ubuntu1+esm1 | |||
Reduce your security exposure
Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.
References
- CVE-2025-31501
- CVE-2025-31500
- CVE-2025-30087
- CVE-2025-2545
- CVE-2024-3262
- CVE-2023-45024
- CVE-2023-41260
- CVE-2023-41259
- CVE-2022-25803
- CVE-2022-25802
- CVE-2025-31501
- CVE-2025-31500
- CVE-2025-30087
- CVE-2025-2545
- CVE-2024-3262
- CVE-2023-45024
- CVE-2023-41260
- CVE-2023-41259
- CVE-2022-25803
- CVE-2022-25802
- CVE-2021-38562