MitreCVELIST:CVE-2012-4733

HistoryAug 23, 2013 - 4:00 p.m.

CVE-2012-4733

2013-08-2316:00:00

mitre

www.cve.org

request tracker

rt 4.x

deleteticket

custom lifecycle transition

remote authenticated users

modifyticket

vulnerability

AI Score

8.2

Confidence

High

EPSS

0.003

Percentile

71.4%

JSON

Request Tracker (RT) 4.x before 4.0.13 does not properly enforce the DeleteTicket and “custom lifecycle transition” permission, which allows remote authenticated users with the ModifyTicket permission to delete tickets via unspecified vectors.

References

lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html

lists.bestpractical.com/pipermail/rt-announce/2013-May/000227.html

secunia.com/advisories/53522

www.osvdb.org/93611