Published: 23/08/2013 Updated: 27/08/2013

CVSS v2 Base Score: 6 | Impact Score: 6.4 | Exploitability Score: 6.8

VMScore: 534

Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P

Request Tracker (RT) 3.8.x prior to 3.8.17 and 4.0.x prior to 4.0.13 allows remote authenticated users with the permissions to view the administration pages to execute arbitrary private components via unspecified vectors.

Vulnerable Product	Search on Vulmon	Subscribe to Product
bestpractical rt 3.8.0
bestpractical rt 3.8.1
bestpractical rt 3.8.13
bestpractical rt 3.8.14
bestpractical rt 3.8.7
bestpractical rt 3.8.8
bestpractical rt 3.8.16
bestpractical rt 3.8.11
bestpractical rt 3.8.12
bestpractical rt 3.8.2
bestpractical rt 3.8.6
bestpractical rt 3.8.9
bestpractical rt 3.8.10
bestpractical rt 3.8.3
bestpractical rt 3.8.4
bestpractical rt 3.8.15
bestpractical rt 3.8.5
bestpractical rt 4.0.0
bestpractical rt 4.0.5
bestpractical rt 4.0.6
bestpractical rt 4.0.7
bestpractical rt 4.0.9
bestpractical rt 4.0.1
bestpractical rt 4.0.3
bestpractical rt 4.0.8
bestpractical rt 4.0.12
bestpractical rt 4.0.11
bestpractical rt 4.0.2
bestpractical rt 4.0.10
bestpractical rt 4.0.4

Debian Bug report logs - #709836 Multiple security issues Package: src:request-tracker4; Maintainer for src:request-tracker4 is Debian Request Tracker Group <pkg-request-tracker-maintainers@listsaliothdebianorg>; Reported by: Dominic Hargreaves <dom@earthli> Date: Sat, 25 May 2013 21:09:06 UTC Severity: serious ...

NVD-CWE-noinfo http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html http://www.debian.org/security/2012/dsa-2670 http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000228.html http://www.osvdb.org/93610 http://secunia.com/advisories/53522 http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000227.html http://secunia.com/advisories/53505 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=709836 https://nvd.nist.gov

CVE-2013-3369

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect