ID CVE-2012-4733
Summary Request Tracker (RT) 4.x before 4.0.13 does not properly enforce the DeleteTicket and "custom lifecycle transition" permission, which allows remote authenticated users with the ModifyTicket permission to delete tickets via unspecified vectors.
References
Vulnerable Configurations
  • cpe:2.3:a:bestpractical:rt:4.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:bestpractical:rt:4.0.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:bestpractical:rt:4.0.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:bestpractical:rt:4.0.0:rc3:*:*:*:*:*:*
  • cpe:2.3:a:bestpractical:rt:4.0.0:rc4:*:*:*:*:*:*
  • cpe:2.3:a:bestpractical:rt:4.0.0:rc5:*:*:*:*:*:*
  • cpe:2.3:a:bestpractical:rt:4.0.0:rc6:*:*:*:*:*:*
  • cpe:2.3:a:bestpractical:rt:4.0.0:rc7:*:*:*:*:*:*
  • cpe:2.3:a:bestpractical:rt:4.0.0:rc8:*:*:*:*:*:*
  • cpe:2.3:a:bestpractical:rt:4.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:bestpractical:rt:4.0.1:rc1:*:*:*:*:*:*
  • cpe:2.3:a:bestpractical:rt:4.0.1:rc2:*:*:*:*:*:*
  • cpe:2.3:a:bestpractical:rt:4.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:bestpractical:rt:4.0.2:rc1:*:*:*:*:*:*
  • cpe:2.3:a:bestpractical:rt:4.0.2:rc2:*:*:*:*:*:*
  • cpe:2.3:a:bestpractical:rt:4.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:bestpractical:rt:4.0.10:*:*:*:*:*:*:*
  • cpe:2.3:a:bestpractical:rt:4.0.11:*:*:*:*:*:*:*
  • cpe:2.3:a:bestpractical:rt:4.0.12:*:*:*:*:*:*:*
CVSS
Base: 6.0 (as of 27-08-2013 - 17:16)
Impact:
Exploitability:
CWE CWE-255
CAPEC
Access
Vector: NETWORK
Complexity: MEDIUM
Authentication: SINGLE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
cvss-vector via4 AV:N/AC:M/Au:S/C:P/I:P/A:P
refmap via4
mlist
  • [rt-announce] 20130522 RT 4.0.13 released
  • [rt-announce] 20130522 Security vulnerabilities in RT
osvdb 93611
secunia 53522
Last major update 27-08-2013 - 17:16
Published 23-08-2013 - 16:55
Last modified 27-08-2013 - 17:16