Lucene search

[email protected]CVE-2011-1008

HistoryFeb 28, 2011 - 4:00 p.m.

CVE-2011-1008

2011-02-2816:00:01

CWE-264

[email protected]

web.nvd.nist.gov

cve-2011-1008

nvd

information security

access restriction

sql logging

best practical solutions rt

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

6.3 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

61.7%

JSON

Scrips_Overlay.pm in Best Practical Solutions RT before 3.8.9 does not properly restrict access to a TicketObj in a Scrip after a CurrentUser change, which allows remote authenticated users to obtain sensitive information via unspecified vectors, as demonstrated by custom-field value information, related to SQL logging.

Affected configurations

NVD

Node

bestpracticalrtRange≤3.8.9rc3

bestpracticalrtMatch1.0.0

bestpracticalrtMatch1.0.1

bestpracticalrtMatch1.0.2

bestpracticalrtMatch1.0.3

bestpracticalrtMatch1.0.4

bestpracticalrtMatch1.0.5

bestpracticalrtMatch1.0.6

bestpracticalrtMatch1.0.7

bestpracticalrtMatch2.0.0

bestpracticalrtMatch2.0.1

bestpracticalrtMatch2.0.2

bestpracticalrtMatch2.0.3

bestpracticalrtMatch2.0.4

bestpracticalrtMatch2.0.5

bestpracticalrtMatch2.0.5.1

bestpracticalrtMatch2.0.5.3

bestpracticalrtMatch2.0.6

bestpracticalrtMatch2.0.7

bestpracticalrtMatch2.0.8

bestpracticalrtMatch2.0.8.2

bestpracticalrtMatch2.0.9

bestpracticalrtMatch2.0.11

bestpracticalrtMatch2.0.12

bestpracticalrtMatch2.0.13

bestpracticalrtMatch2.0.14

bestpracticalrtMatch2.0.15

bestpracticalrtMatch3.0.0

bestpracticalrtMatch3.0.1

bestpracticalrtMatch3.0.2

bestpracticalrtMatch3.0.3

bestpracticalrtMatch3.0.4

bestpracticalrtMatch3.0.5

bestpracticalrtMatch3.0.6

bestpracticalrtMatch3.0.7

bestpracticalrtMatch3.0.7.1

bestpracticalrtMatch3.0.8

bestpracticalrtMatch3.0.9

bestpracticalrtMatch3.0.10

bestpracticalrtMatch3.0.11

bestpracticalrtMatch3.0.12

bestpracticalrtMatch3.2.0

bestpracticalrtMatch3.2.1

bestpracticalrtMatch3.2.2

bestpracticalrtMatch3.2.3

bestpracticalrtMatch3.4.0

bestpracticalrtMatch3.4.1

bestpracticalrtMatch3.4.2

bestpracticalrtMatch3.4.3

bestpracticalrtMatch3.4.4

bestpracticalrtMatch3.4.5

bestpracticalrtMatch3.4.6

bestpracticalrtMatch3.6.0

bestpracticalrtMatch3.6.1

bestpracticalrtMatch3.6.2

bestpracticalrtMatch3.6.3

bestpracticalrtMatch3.6.4

bestpracticalrtMatch3.6.5

bestpracticalrtMatch3.6.6

bestpracticalrtMatch3.6.7

bestpracticalrtMatch3.6.8

bestpracticalrtMatch3.6.9

bestpracticalrtMatch3.8.0

bestpracticalrtMatch3.8.1

bestpracticalrtMatch3.8.2

bestpracticalrtMatch3.8.3

bestpracticalrtMatch3.8.4

bestpracticalrtMatch3.8.5

bestpracticalrtMatch3.8.6

bestpracticalrtMatch3.8.6rc1

bestpracticalrtMatch3.8.7rc1

bestpracticalrtMatch3.8.8rc2

bestpracticalrtMatch3.8.8rc3

bestpracticalrtMatch3.8.8rc4

bestpracticalrtMatch3.8.9rc1

bestpracticalrtMatch3.8.9rc2

CPENameOperatorVersion
bestpractical:rtbestpractical rtle3.8.9
bestpractical:rtbestpractical rteq1.0.0
bestpractical:rtbestpractical rteq1.0.1
bestpractical:rtbestpractical rteq1.0.2
bestpractical:rtbestpractical rteq1.0.3
bestpractical:rtbestpractical rteq1.0.4
bestpractical:rtbestpractical rteq1.0.5
bestpractical:rtbestpractical rteq1.0.6
bestpractical:rtbestpractical rteq1.0.7
bestpractical:rtbestpractical rteq2.0.0

CPE	Name	Operator	Version
bestpractical:rt	bestpractical rt	le	3.8.9
bestpractical:rt	bestpractical rt	eq	1.0.0
bestpractical:rt	bestpractical rt	eq	1.0.1
bestpractical:rt	bestpractical rt	eq	1.0.2
bestpractical:rt	bestpractical rt	eq	1.0.3
bestpractical:rt	bestpractical rt	eq	1.0.4
bestpractical:rt	bestpractical rt	eq	1.0.5
bestpractical:rt	bestpractical rt	eq	1.0.6
bestpractical:rt	bestpractical rt	eq	1.0.7
bestpractical:rt	bestpractical rt	eq	2.0.0

Rows per page:

1-10 of 711

References

bugs.debian.org/cgi-bin/bugreport.cgi?bug=614576

lists.bestpractical.com/pipermail/rt-announce/2011-February/000186.html

openwall.com/lists/oss-security/2011/02/22/12

openwall.com/lists/oss-security/2011/02/22/16

openwall.com/lists/oss-security/2011/02/22/6

openwall.com/lists/oss-security/2011/02/23/22

openwall.com/lists/oss-security/2011/02/24/7

openwall.com/lists/oss-security/2011/02/24/8

openwall.com/lists/oss-security/2011/02/24/9

osvdb.org/71011

secunia.com/advisories/43438

www.vupen.com/english/advisories/2011/0475

exchange.xforce.ibmcloud.com/vulnerabilities/65772

github.com/bestpractical/rt/commit/2338cd19ed7a7f4c1e94f639ab2789d6586d01f3

lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

6.3 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

61.7%

JSON

Related for CVE-2011-1008

ubuntucve1 cvelist1 prion1 nvd1 openvas2 nessus1