Request Tracker (RT) 4.x before 4.0.13 does not properly enforce the DeleteTicket and "custom lifecycle transition" permission, which allows remote authenticated users with the ModifyTicket permission to delete tickets via unspecified vectors.
References
Link | Resource |
---|---|
http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html | Vendor Advisory |
http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000227.html | Patch |
http://secunia.com/advisories/53522 | Vendor Advisory |
http://www.osvdb.org/93611 |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-10-03T16:15:35
Updated: 2022-10-03T16:15:35
Reserved: 2022-10-03T00:00:00
Link: CVE-2012-4733
JSON object: View
NVD Information
Status : Analyzed
Published: 2013-08-23T16:55:06.947
Modified: 2013-08-27T17:16:05.973
Link: CVE-2012-4733
JSON object: View
Redhat Information
No data.
CWE