8.2 High
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
68.2%
Request Tracker (RT) 4.x before 4.0.13 does not properly enforce the DeleteTicket and “custom lifecycle transition” permission, which allows remote authenticated users with the ModifyTicket permission to delete tickets via unspecified vectors.
lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html
lists.bestpractical.com/pipermail/rt-announce/2013-May/000227.html
secunia.com/advisories/53522
www.osvdb.org/93611