Published: 23/08/2013 Updated: 27/08/2013

CVSS v2 Base Score: 6 | Impact Score: 6.4 | Exploitability Score: 6.8

VMScore: 534

Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P

Request Tracker (RT) 4.x prior to 4.0.13 does not properly enforce the DeleteTicket and "custom lifecycle transition" permission, which allows remote authenticated users with the ModifyTicket permission to delete tickets via unspecified vectors.

Vulnerable Product	Search on Vulmon	Subscribe to Product
bestpractical rt 4.0.1
bestpractical rt 4.0.10
bestpractical rt 4.0.0
bestpractical rt 4.0.2
bestpractical rt 4.0.3
bestpractical rt 4.0.12
bestpractical rt 4.0.11

Debian Bug report logs - #709836 Multiple security issues Package: src:request-tracker4; Maintainer for src:request-tracker4 is Debian Request Tracker Group <pkg-request-tracker-maintainers@listsaliothdebianorg>; Reported by: Dominic Hargreaves <dom@earthli> Date: Sat, 25 May 2013 21:09:06 UTC Severity: serious ...

CWE-255 http://www.osvdb.org/93611 http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000227.html http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html http://secunia.com/advisories/53522 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=709836 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2012-4733

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect