MitreCVELIST:CVE-2012-4733

HistoryOct 03, 2022 - 4:15 p.m.

CVE-2012-4733

2022-10-0316:15:35

mitre

www.cve.org

request tracker

rt 4.x

deleteticket

custom lifecycle transition

remote authenticated users

modifyticket

vulnerability

8.2 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.2%

JSON

Request Tracker (RT) 4.x before 4.0.13 does not properly enforce the DeleteTicket and “custom lifecycle transition” permission, which allows remote authenticated users with the ModifyTicket permission to delete tickets via unspecified vectors.

References

lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html

lists.bestpractical.com/pipermail/rt-announce/2013-May/000227.html

secunia.com/advisories/53522

www.osvdb.org/93611