Published: 03/07/2017 Updated: 03/10/2019

CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 578

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

The dashboard subscription interface in Request Tracker (RT) 4.x prior to 4.0.25, 4.2.x prior to 4.2.14, and 4.4.x prior to 4.4.2 might allow remote authenticated users with certain privileges to execute arbitrary code via a crafted saved search name.

Vulnerable Product	Search on Vulmon	Subscribe to Product
bestpractical request tracker 4.0.3
bestpractical request tracker 4.0.5
bestpractical request tracker 4.0.12
bestpractical request tracker 4.0.14
bestpractical request tracker 4.0.19
bestpractical request tracker 4.0.21
bestpractical request tracker 4.2.3
bestpractical request tracker 4.2.5
bestpractical request tracker 4.2.12
bestpractical request tracker 4.4.1
bestpractical request tracker 4.0.7
bestpractical request tracker 4.0.8
bestpractical request tracker 4.0.9
bestpractical request tracker 4.0.10
bestpractical request tracker 4.0.23
bestpractical request tracker 4.0.24
bestpractical request tracker 4.2.0
bestpractical request tracker 4.2.1
bestpractical request tracker 4.2.2
bestpractical request tracker 4.4.0
bestpractical request tracker 4.0.0
bestpractical request tracker 4.0.1
bestpractical request tracker 4.0.2
bestpractical request tracker 4.0.15
bestpractical request tracker 4.0.16
bestpractical request tracker 4.0.17
bestpractical request tracker 4.0.18
bestpractical request tracker 4.2.7
bestpractical request tracker 4.2.8
bestpractical request tracker 4.2.9
bestpractical request tracker 4.2.10
bestpractical request tracker 4.0.4
bestpractical request tracker 4.0.6
bestpractical request tracker 4.0.11
bestpractical request tracker 4.0.13
bestpractical request tracker 4.0.20
bestpractical request tracker 4.0.22
bestpractical request tracker 4.2.4
bestpractical request tracker 4.2.6
bestpractical request tracker 4.2.11
bestpractical request tracker 4.2.13

Multiple vulnerabilities have been discovered in Request Tracker, an extensible trouble-ticket tracking system The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2016-6127 It was discovered that Request Tracker is vulnerable to a cross-site scripting (XSS) attack if an attacker uploads a malicious file ...

CWE-20 https://forum.bestpractical.com/t/security-vulnerabilities-in-rt-2017-06-15/32016 http://www.debian.org/security/2017/dsa-3882 http://www.securityfocus.com/bid/99381 https://www.debian.org/security/./dsa-3882 https://nvd.nist.gov

CVE-2017-5944

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect