RT (aka Request Tracker) 3.8.8 through 4.x before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to obtain sensitive RSS feed URLs and ticket data via unspecified vectors.
Debian Linux Security Advisory 3176-1 - Multiple vulnerabilities have been discovered in Request Tracker, an extensible trouble-ticket tracking system.