Lucene search

PRIOn knowledge basePRION:CVE-2011-1008

HistoryFeb 28, 2011 - 4:00 p.m.

Design/Logic Flaw

2011-02-2816:00:00

PRIOn knowledge base

www.prio-n.com

6.8 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

61.7%

JSON

Scrips_Overlay.pm in Best Practical Solutions RT before 3.8.9 does not properly restrict access to a TicketObj in a Scrip after a CurrentUser change, which allows remote authenticated users to obtain sensitive information via unspecified vectors, as demonstrated by custom-field value information, related to SQL logging.

CPENameOperatorVersion
rtle3.8.9
rteq3.0.4
rteq2.0.7
rteq3.8.9 rc2
rteq3.0.8
rteq3.8.8 rc2
rteq3.8.9 rc1
rteq2.0.6
rteq3.4.5
rteq3.0.2

Name	Operator	Version
rt	le	3.8.9
rt	eq	3.0.4
rt	eq	2.0.7
rt	eq	3.8.9 rc2
rt	eq	3.0.8
rt	eq	3.8.8 rc2
rt	eq	3.8.9 rc1
rt	eq	2.0.6
rt	eq	3.4.5
rt	eq	3.0.2

Rows per page:

1-10 of 761

References

bugs.debian.org/cgi-bin/bugreport.cgi?bug=614576

lists.bestpractical.com/pipermail/rt-announce/2011-February/000186.html

openwall.com/lists/oss-security/2011/02/22/12

openwall.com/lists/oss-security/2011/02/22/16

openwall.com/lists/oss-security/2011/02/22/6

openwall.com/lists/oss-security/2011/02/23/22

openwall.com/lists/oss-security/2011/02/24/7

openwall.com/lists/oss-security/2011/02/24/8

openwall.com/lists/oss-security/2011/02/24/9

osvdb.org/71011

secunia.com/advisories/43438

www.vupen.com/english/advisories/2011/0475

exchange.xforce.ibmcloud.com/vulnerabilities/65772

github.com/bestpractical/rt/commit/2338cd19ed7a7f4c1e94f639ab2789d6586d01f3

lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E