Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote authenticated users with ModifySelf or AdminUser privileges to inject arbitrary email headers and conduct phishing attacks or obtain sensitive information via unknown vectors.
References
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2012-11-11 13:00
Updated : 2024-02-28 12:00
NVD link : CVE-2012-4730
Mitre link : CVE-2012-4730
CVE.ORG link : CVE-2012-4730
JSON object : View
Products Affected
bestpractical
- rt
CWE
CWE-264
Permissions, Privileges, and Access Controls