4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
0.002 Low
EPSS
Percentile
50.9%
Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 allows
remote authenticated users to read (1) hashes of former passwords and (2)
ticket correspondence history by leveraging access to a privileged account.
Author | Note |
---|---|
jdstrand | regressions found in DSA-2480 (see bugs) |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 10.04 | noarch | request-tracker3.8 | <Â 3.8.7-1ubuntu2.3 | UNKNOWN |
ubuntu | 11.10 | noarch | request-tracker3.8 | <Â 3.8.10-1ubuntu0.1 | UNKNOWN |
ubuntu | 12.04 | noarch | request-tracker3.8 | <Â 3.8.11-1ubuntu0.1 | UNKNOWN |