Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2012-4733
HistoryOct 03, 2022 - 4:15 p.m.

CVE-2012-4733

2022-10-0316:15:35
CWE-255
[email protected]
web.nvd.nist.gov
28
request tracker
rt 4.x
cve-2012-4733
deleteticket
custom lifecycle transition
permission
remote authenticated users
modifyticket
delete tickets

6 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

8.1 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.2%

JSON

Request Tracker (RT) 4.x before 4.0.13 does not properly enforce the DeleteTicket and “custom lifecycle transition” permission, which allows remote authenticated users with the ModifyTicket permission to delete tickets via unspecified vectors.

Affected configurations

NVD
Node
bestpracticalrtMatch4.0.0
OR
bestpracticalrtMatch4.0.0rc1
OR
bestpracticalrtMatch4.0.0rc2
OR
bestpracticalrtMatch4.0.0rc3
OR
bestpracticalrtMatch4.0.0rc4
OR
bestpracticalrtMatch4.0.0rc5
OR
bestpracticalrtMatch4.0.0rc6
OR
bestpracticalrtMatch4.0.0rc7
OR
bestpracticalrtMatch4.0.0rc8
OR
bestpracticalrtMatch4.0.1
OR
bestpracticalrtMatch4.0.1rc1
OR
bestpracticalrtMatch4.0.1rc2
OR
bestpracticalrtMatch4.0.2
OR
bestpracticalrtMatch4.0.2rc1
OR
bestpracticalrtMatch4.0.2rc2
OR
bestpracticalrtMatch4.0.3
OR
bestpracticalrtMatch4.0.10
OR
bestpracticalrtMatch4.0.11
OR
bestpracticalrtMatch4.0.12

Related

debiancve 1
ubuntucve 1
nvd 1
cvelist 1
prion 1
nessus 4
freebsd 1
debian 2
openvas 3
osv 1
mageia 1
debiancve
debiancve
CVE-2012-4733
2022-10-03 16:15:35
ubuntucve
ubuntucve
CVE-2012-4733
2013-08-23 00:00:00
nvd
nvd
CVE-2012-4733
2013-08-23 16:55:06
cvelist
cvelist
CVE-2012-4733
2022-10-03 16:15:35
prion
prion
Cross site request forgery (csrf)
2013-08-23 16:55:00
nessus
nessus
Debian DSA-2671-1 : request-tracker4 - several vulnerabilities
2013-05-23 00:00:00
FreeBSD : RT -- multiple vulnerabilities (3a429192-c36a-11e2-97a9-6805ca0b3d42)
2013-05-24 00:00:00
RT: Request Tracker < 3.8.17 / 4.0.13 Multiple Vulnerabilities
2013-05-24 00:00:00
freebsd
freebsd
RT -- multiple vulnerabilities
2013-05-22 00:00:00
debian
debian
[SECURITY] [DSA 2671-1] request-tracker4 security update
2013-05-22 19:45:55
[SECURITY] [DSA 2671-1] request-tracker4 security update
2013-05-22 19:45:55
openvas
openvas
Debian Security Advisory DSA 2671-1 (request-tracker4 - several vulnerabilities)
2013-05-22 00:00:00
Debian: Security Advisory (DSA-2671-1)
2013-05-21 00:00:00
Mageia: Security Advisory (MGASA-2017-0325)
2022-01-28 00:00:00
osv
osv
request-tracker4 - several
2013-05-22 00:00:00
mageia
mageia
Updated rt/perl-Encode packages fix security vulnerability
2017-09-03 17:31:33

6 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

8.1 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.2%

JSON
Related for CVE-2012-4733
debiancve1ubuntucve1nvd1cvelist1prion1nessus4freebsd1debian2openvas3osv1mageia1