CVE-2023-45024
📋 TL;DR
This vulnerability in Best Practical Request Tracker (RT) allows attackers to access sensitive information through the transaction search feature in the transaction query builder. It affects RT 5 installations before version 5.0.5. The information disclosure could expose internal transaction data that should be restricted.
💻 Affected Systems
- Best Practical Request Tracker (RT)
📦 What is this software?
Request Tracker (RT), the ticketing system developed by Best Practical
⚠️ Risk & Real-World Impact
Worst Case
Complete exposure of all transaction data including sensitive internal communications, ticket details, and potentially confidential information stored in RT.
Likely Case
Unauthorized access to transaction records containing sensitive operational data, user information, and internal communications.
If Mitigated
Limited exposure of non-critical transaction metadata if proper access controls and monitoring are in place.
🎯 Exploit Status
Exploitation requires access to the transaction search interface, which typically requires authentication.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 5.0.5
Vendor Advisory: https://docs.bestpractical.com/release-notes/rt/5.0.5
Restart Required: Yes
Instructions:
1. Back up your RT installation and database.
2. Download RT 5.0.5 from Best Practical.
3. Follow the upgrade instructions at https://docs.bestpractical.com/rt/5.0.5/upgrade/.
4. Restart RT services.
🔧 Temporary Workarounds
Disable transaction search
Temporarily disable the transaction search functionality in RT to prevent exploitation.
# Modify RT configuration to remove transaction search access
# Edit RT_SiteConfig.pm to restrict transaction query builder access
Restrict access controls
Tighten access controls to limit who can use transaction search features.
# Configure RT ACLs to restrict 'ShowTransaction' and 'ShowTicket' rights
# Use RT's group-based permissions to limit access
🧯 If You Can't Patch
- Implement strict network segmentation to isolate RT from untrusted networks
- Enhance monitoring of transaction search activities and set up alerts for unusual patterns
🔍 How to Verify
Check if Vulnerable:
Check RT version by running: rt-server --version or check the RT web interface footer. If version is 5.x and less than 5.0.5, you are vulnerable.
Check Version:
rt-server --version
Verify Fix Applied:
After upgrading, verify version is 5.0.5 or higher using the same commands. Test transaction search functionality to ensure it works without exposing unauthorized data.
📡 Detection & Monitoring
Log Indicators:
- Unusual transaction search patterns
- Multiple failed transaction queries from single users
- Transaction queries returning large datasets
Network Indicators:
- Increased traffic to transaction search endpoints
- Patterns of sequential transaction ID queries
SIEM Query:
source="rt.log" AND ("transaction search" OR "transaction query") AND (status=200 OR bytes_transferred>100000)
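The log indicators above (many transaction queries from one user, large result sets) can be checked offline against web server access logs. The following is an added example, not code from the advisory or from Best Practical; it assumes RT is served under /rt with common-log-format access logs and that the transaction query builder is reached through /rt/Search/Build.html or /rt/Search/Results.html with Class=RT::Transactions (the log lines and user names are constructed sample data).

```python
import re
from collections import defaultdict

# Constructed sample log (common log format): one normal user and one user
# issuing sequential transaction searches that return large responses.
SAMPLE_LOG = """\
10.0.0.5 - alice [12/Oct/2023:09:00:01 +0000] "GET /rt/Search/Build.html?Class=RT::Transactions HTTP/1.1" 200 5120
10.0.0.5 - alice [12/Oct/2023:09:00:20 +0000] "GET /rt/Ticket/Display.html?id=42 HTTP/1.1" 200 8210
10.0.0.9 - mallory [12/Oct/2023:09:01:00 +0000] "GET /rt/Search/Results.html?Class=RT::Transactions&Query=id%3E1 HTTP/1.1" 200 250000
10.0.0.9 - mallory [12/Oct/2023:09:01:03 +0000] "GET /rt/Search/Results.html?Class=RT::Transactions&Query=id%3E2 HTTP/1.1" 200 248000
10.0.0.9 - mallory [12/Oct/2023:09:01:06 +0000] "GET /rt/Search/Results.html?Class=RT::Transactions&Query=id%3E3 HTTP/1.1" 200 247000
10.0.0.9 - mallory [12/Oct/2023:09:01:09 +0000] "GET /rt/Search/Results.html?Class=RT::Transactions&Query=id%3E4 HTTP/1.1" 200 246000
"""

# Common log format: ip ident user [time] "method path proto" status bytes
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-)$'
)
# Assumed endpoint shape of RT's transaction query builder / result pages.
TXN_SEARCH_RE = re.compile(r"^/rt/Search/(Build|Results)\.html\?.*\bClass=RT::Transactions\b")

def analyze(log_text, max_queries=3, max_bytes=100_000):
    """Return {user: [reasons]} for users whose successful transaction-search
    requests exceed max_queries in the log, or whose responses exceed max_bytes."""
    counts = defaultdict(int)   # transaction searches per user
    big = defaultdict(int)      # oversized responses per user
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["status"] != "200" or not TXN_SEARCH_RE.match(m["path"]):
            continue
        counts[m["user"]] += 1
        if m["bytes"] != "-" and int(m["bytes"]) > max_bytes:
            big[m["user"]] += 1
    findings = {}
    for user, n in counts.items():
        reasons = []
        if n > max_queries:
            reasons.append(f"{n} transaction searches")
        if big[user]:
            reasons.append(f"{big[user]} responses over {max_bytes} bytes")
        if reasons:
            findings[user] = reasons
    return findings

if __name__ == "__main__":
    for user, reasons in analyze(SAMPLE_LOG).items():
        print(f"{user}: " + "; ".join(reasons))
```

Tune max_queries and max_bytes to the normal volume of your own RT users; the thresholds here only make the constructed sample flag the second user.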