CVE-2012-4733

2013-08-23T12:55:06
ID CVE-2012-4733
Type cve
Reporter NVD
Modified 2013-08-27T13:16:05

Description

Request Tracker (RT) 4.x before 4.0.13 does not properly enforce the DeleteTicket and "custom lifecycle transition" permission, which allows remote authenticated users with the ModifyTicket permission to delete tickets via unspecified vectors.