Request Tracker (RT) 4.x before 4.0.13 does not properly enforce the DeleteTicket and "custom lifecycle transition" permission, which allows remote authenticated users with the ModifyTicket permission to delete tickets via unspecified vectors.
References
Link | Resource |
---|---|
http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html | Vendor Advisory |
http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000227.html | Patch |
http://secunia.com/advisories/53522 | Vendor Advisory |
http://www.osvdb.org/93611 |
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2013-08-23 16:55
Updated : 2024-02-28 12:00
NVD link : CVE-2012-4733
Mitre link : CVE-2012-4733
CVE.ORG link : CVE-2012-4733
JSON object : View
Products Affected
bestpractical
- rt
CWE
CWE-255
Credentials Management Errors