CVE-2012-4733
N/A
N/A
Summary
Request Tracker (RT) 4.x before 4.0.13 does not properly enforce the DeleteTicket and "custom lifecycle transition" permission, which allows remote authenticated users with the ModifyTicket permission to delete tickets via unspecified vectors.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html
- http://www.osvdb.org/93611
- http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000227.html
- http://secunia.com/advisories/53522
References
- http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html
- http://www.osvdb.org/93611
- http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000227.html
- http://secunia.com/advisories/53522
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.