CVE-2012-4731 - OpenCVE

FAQ manager for Request Tracker (RTFM) before 2.4.5 does not properly check user rights, which allows remote authenticated users to create arbitrary articles in arbitrary classes via unknown vectors.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:S/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Bestpractical	Rtfm

Configuration 1 [-]

OR	cpe:2.3:a:bestpractical:rtfm::::::::
	cpe:2.3:a:bestpractical:rtfm:2.2.0:::::::*
	cpe:2.3:a:bestpractical:rtfm:2.2.1:::::::*
	cpe:2.3:a:bestpractical:rtfm:2.2.2:::::::*
	cpe:2.3:a:bestpractical:rtfm:2.4.0:::::::*
	cpe:2.3:a:bestpractical:rtfm:2.4.1:::::::*
	cpe:2.3:a:bestpractical:rtfm:2.4.2:::::::*

References

Link	Resource
http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.html
http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000215.html
http://secunia.com/advisories/51062	Vendor Advisory
http://secunia.com/advisories/51111	Vendor Advisory
http://www.debian.org/security/2012/dsa-2568

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2022-10-03T16:15:34

Updated: 2022-10-03T16:15:34

Reserved: 2022-10-03T00:00:00

Link: CVE-2012-4731

JSON object: View

NVD Information

Status : Analyzed

Published: 2012-11-11T13:00:59.307

Modified: 2012-12-28T05:00:00.000

Link: CVE-2012-4731

JSON object: View

Redhat Information

No data.

CWE

CWE-264

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "FAQ manager for Request Tracker (RTFM) before 2.4.5 does not properly check user rights, which allows remote authenticated users to create arbitrary articles in arbitrary classes via unknown vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-10-03T16:15:34", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "51111", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/51111"}, {"name": "[rt-announce] 20121025 Security vulnerabilities in RT", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.html"}, {"name": "DSA-2568", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2012/dsa-2568"}, {"name": "[rt-announce] 20121025 RTFM 2.4.5 Released", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000215.html"}, {"name": "51062", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/51062"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-4731", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "FAQ manager for Request Tracker (RTFM) before 2.4.5 does not properly check user rights, which allows remote authenticated users to create arbitrary articles in arbitrary classes via unknown vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "51111", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/51111"}, {"name": "[rt-announce] 20121025 Security vulnerabilities in RT", "refsource": "MLIST", "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.html"}, {"name": "DSA-2568", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2012/dsa-2568"}, {"name": "[rt-announce] 20121025 RTFM 2.4.5 Released", "refsource": "MLIST", "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000215.html"}, {"name": "51062", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/51062"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-4731", "datePublished": "2022-10-03T16:15:34", "dateReserved": "2022-10-03T00:00:00", "dateUpdated": "2022-10-03T16:15:34", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:bestpractical:rtfm:*:*:*:*:*:*:*:*", "matchCriteriaId": "51D3EF18-9DB5-40C0-8F89-A25AFB9E3EFD", "versionEndIncluding": "2.4.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:bestpractical:rtfm:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "275563EB-DA67-42B5-9EEB-14807C5DED58", "vulnerable": true}, {"criteria": "cpe:2.3:a:bestpractical:rtfm:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "34CF07EE-C47E-4966-9AC9-CDF60695228D", "vulnerable": true}, {"criteria": "cpe:2.3:a:bestpractical:rtfm:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "A1866245-CC70-49A9-A64D-8B238777103F", "vulnerable": true}, {"criteria": "cpe:2.3:a:bestpractical:rtfm:2.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "81FA69E8-B541-4D25-9370-BB0657B17205", "vulnerable": true}, {"criteria": "cpe:2.3:a:bestpractical:rtfm:2.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "90E417C9-194C-48C9-A6AE-61B8D430BA3B", "vulnerable": true}, {"criteria": "cpe:2.3:a:bestpractical:rtfm:2.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "A2A3850C-3806-49A8-AE75-9BAEBE5A9796", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "FAQ manager for Request Tracker (RTFM) before 2.4.5 does not properly check user rights, which allows remote authenticated users to create arbitrary articles in arbitrary classes via unknown vectors."}, {"lang": "es", "value": "FAQ manager para Request Tracker (RTFM) antes de v2.4.5 no comprueba correctamente los derechos del usuario, lo que permite a usuarios remotos autenticados crear art\u00edculos arbitrarias en las clases de su elecci\u00f3n a trav\u00e9s de vectores desconocidos."}], "id": "CVE-2012-4731", "lastModified": "2012-12-28T05:00:00.000", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-11-11T13:00:59.307", "references": [{"source": "cve@mitre.org", "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.html"}, {"source": "cve@mitre.org", "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000215.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/51062"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/51111"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2012/dsa-2568"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}