Request Tracker Spreadsheet Injection Vulnerability Allowing Formula Execution

Vulnerability

A spreadsheet injection vulnerability has been identified in Request Tracker (RT) versions prior to 5.0.10 and in the 6.0.0 to 6.0.2 range. This vulnerability arises because user-controlled data in spreadsheet exports is not properly sanitized before being written to the output file. As a result, when the file is opened in spreadsheet applications like Microsoft Excel, crafted values can be interpreted as formulas or macros. Users are advised to upgrade to RT versions 5.0.10 or 6.0.3, and to avoid opening exported spreadsheet files that may contain untrusted user input.

Impact

Exploitation of this vulnerability allows for CSV injection, where crafted data is executed as a formula or macro in the spreadsheet application.

Remediation

Users can upgrade to RT version 5.0.10 or 6.0.3. For those using RT 6.0.3, a specific patch is available that addresses this vulnerability via the TSV export headers.
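For exports that must be reviewed before an upgrade is in place, the following added example (not RT's code and not the vendor patch) scans a tab-separated export for cells a spreadsheet application would evaluate and writes a neutralized copy. The trigger-character set and the single-quote prefix follow common CSV-injection guidance and are assumptions here, as are the function names and the constructed sample rows.

```python
import csv
import io

# Leading characters commonly treated as the start of a formula
# (assumed from general CSV-injection guidance, not taken from RT).
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")


def is_formula_like(cell: str) -> bool:
    """True if the cell starts with a trigger and is not a plain number."""
    if not cell.startswith(FORMULA_TRIGGERS):
        return False
    try:
        float(cell)  # signed numbers such as -15 or +5 are ordinary data
        return False
    except ValueError:
        return True


def neutralize(cell: str) -> str:
    """Prefix a risky cell with a single quote so it is read as text."""
    return "'" + cell if is_formula_like(cell) else cell


def scan_tsv(text: str):
    """Return (findings, cleaned_text); findings are (row, column, value)."""
    rows = list(csv.reader(io.StringIO(text), delimiter="\t"))
    header = rows[0] if rows else []
    findings, out = [], io.StringIO()
    writer = csv.writer(out, delimiter="\t", lineterminator="\n")
    for n, row in enumerate(rows, start=1):  # header row is checked too
        for i, cell in enumerate(row):
            if is_formula_like(cell):
                name = header[i] if i < len(header) else f"col{i + 1}"
                findings.append((n, name, cell))
        writer.writerow([neutralize(c) for c in row])
    return findings, out.getvalue()


# Constructed sample export; column names and values are illustrative only.
SAMPLE_EXPORT = (
    "id\tSubject\tRequestor\tTimeWorked\n"
    "101\tPrinter offline\talice@example.com\t-15\n"
    "102\t=2+3\tbob@example.com\t30\n"
    "103\t@SUM(1,1)\tcarol@example.com\t+5\n"
)

if __name__ == "__main__":
    for row, column, value in scan_tsv(SAMPLE_EXPORT)[0]:
        print(f"row {row}, column {column}: {value!r}")
```
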

Added: May 26, 2026, 2:30 PM
Updated: May 26, 2026, 2:30 PM

Vulnerability Rating

Custom Algorithm
spread: 1.9
impact: 0.4
exploitability: 6.4
remediation: 7.9
relevance: 9.1
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.