cvelistv5 - cve-2012-4733

CVE-2012-4733 (GCVE-0-2012-4733)

Vulnerability from cvelistv5 – Published: 2013-08-23 16:00 – Updated: 2024-09-16 20:36

Summary

Request Tracker (RT) 4.x before 4.0.13 does not properly enforce the DeleteTicket and "custom lifecycle transition" permission, which allows remote authenticated users with the ModifyTicket permission to delete tickets via unspecified vectors.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://lists.bestpractical.com/pipermail/rt-annou…	mailing-listx_refsource_MLIST
	http://www.osvdb.org/93611	vdb-entryx_refsource_OSVDB
	http://lists.bestpractical.com/pipermail/rt-annou…	mailing-listx_refsource_MLIST
	http://secunia.com/advisories/53522	third-party-advisoryx_refsource_SECUNIA

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T20:42:55.148Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[rt-announce] 20130522 Security vulnerabilities in RT",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html"
          },
          {
            "name": "93611",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/93611"
          },
          {
            "name": "[rt-announce] 20130522 RT 4.0.13 released",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000227.html"
          },
          {
            "name": "53522",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/53522"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Request Tracker (RT) 4.x before 4.0.13 does not properly enforce the DeleteTicket and \"custom lifecycle transition\" permission, which allows remote authenticated users with the ModifyTicket permission to delete tickets via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-08-23T16:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[rt-announce] 20130522 Security vulnerabilities in RT",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html"
        },
        {
          "name": "93611",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/93611"
        },
        {
          "name": "[rt-announce] 20130522 RT 4.0.13 released",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000227.html"
        },
        {
          "name": "53522",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/53522"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2012-4733",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Request Tracker (RT) 4.x before 4.0.13 does not properly enforce the DeleteTicket and \"custom lifecycle transition\" permission, which allows remote authenticated users with the ModifyTicket permission to delete tickets via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[rt-announce] 20130522 Security vulnerabilities in RT",
              "refsource": "MLIST",
              "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html"
            },
            {
              "name": "93611",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/93611"
            },
            {
              "name": "[rt-announce] 20130522 RT 4.0.13 released",
              "refsource": "MLIST",
              "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000227.html"
            },
            {
              "name": "53522",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/53522"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2012-4733",
    "datePublished": "2013-08-23T16:00:00Z",
    "dateReserved": "2012-08-29T00:00:00Z",
    "dateUpdated": "2024-09-16T20:36:33.682Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:bestpractical:rt:4.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F84987A7-103B-4473-9D4F-9F28880F6D9F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:bestpractical:rt:4.0.0:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"9E220C7C-D32C-4ED1-A056-074576B7B504\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:bestpractical:rt:4.0.0:rc2:*:*:*:*:*:*\", \"matchCriteriaId\": \"57A903C6-3C9F-47A0-92F7-D5272B2622AC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:bestpractical:rt:4.0.0:rc3:*:*:*:*:*:*\", \"matchCriteriaId\": \"67EBD0AE-1A91-4690-8A07-0FB7342768FE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:bestpractical:rt:4.0.0:rc4:*:*:*:*:*:*\", \"matchCriteriaId\": \"A1217A3C-2302-4E3B-BF35-4B16271A6FF6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:bestpractical:rt:4.0.0:rc5:*:*:*:*:*:*\", \"matchCriteriaId\": \"A72E5649-26E5-47DE-9CB4-019FEC8AF13E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:bestpractical:rt:4.0.0:rc6:*:*:*:*:*:*\", \"matchCriteriaId\": \"51E06E3C-4504-4325-BD89-9102315858C4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:bestpractical:rt:4.0.0:rc7:*:*:*:*:*:*\", \"matchCriteriaId\": \"8A1286FE-DB7C-48B1-82A9-A23C82984A21\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:bestpractical:rt:4.0.0:rc8:*:*:*:*:*:*\", \"matchCriteriaId\": \"5C89298A-DA7A-4DDD-A420-5B5BC0ABAF7E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:bestpractical:rt:4.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"60F0CE6D-3DFA-4432-9615-78718C1D5583\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:bestpractical:rt:4.0.1:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"F478B6AB-8B47-46A2-BEA7-9FF24F4A7026\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:bestpractical:rt:4.0.1:rc2:*:*:*:*:*:*\", \"matchCriteriaId\": \"A7CA2655-8B75-4DFF-9B30-1B9839B87D9A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:bestpractical:rt:4.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A65F27F5-D134-4B94-BF93-CE32065B75B2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:bestpractical:rt:4.0.2:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"9D976231-5D79-4C48-BFFA-39E3E7FE35A5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:bestpractical:rt:4.0.2:rc2:*:*:*:*:*:*\", \"matchCriteriaId\": \"F35ABA0F-6072-433E-AAA5-3B0BB219B404\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:bestpractical:rt:4.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E1D6E744-5181-4E94-8B9B-3CA83648C7A7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:bestpractical:rt:4.0.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"15112BC0-8C03-4417-A0EB-123C326E6F34\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:bestpractical:rt:4.0.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"685B747F-6C34-4D76-B1A3-652EF2480D5F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:bestpractical:rt:4.0.12:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A8E6D6E2-13A1-4AF9-B1A2-414588CCBD35\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Request Tracker (RT) 4.x before 4.0.13 does not properly enforce the DeleteTicket and \\\"custom lifecycle transition\\\" permission, which allows remote authenticated users with the ModifyTicket permission to delete tickets via unspecified vectors.\"}, {\"lang\": \"es\", \"value\": \"Request Tracker (RT) v4.x anterior a v4.0.13 no aplica adecuadamente el permiso DeleteTicket y \\\"la transici\\u00f3n del ciclo de vida personalizado\\\", lo que permite a usuarios remotos autenticados con el permiso ModifyTicket suprimir entradas a trav\\u00e9s de vectores no especificados.\"}]",
      "id": "CVE-2012-4733",
      "lastModified": "2024-11-21T01:43:25.620",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:S/C:P/I:P/A:P\", \"baseScore\": 6.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 6.8, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2013-08-23T16:55:06.947",
      "references": "[{\"url\": \"http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000227.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://secunia.com/advisories/53522\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.osvdb.org/93611\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000227.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://secunia.com/advisories/53522\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.osvdb.org/93611\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-255\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2012-4733\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2013-08-23T16:55:06.947\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Request Tracker (RT) 4.x before 4.0.13 does not properly enforce the DeleteTicket and \\\"custom lifecycle transition\\\" permission, which allows remote authenticated users with the ModifyTicket permission to delete tickets via unspecified vectors.\"},{\"lang\":\"es\",\"value\":\"Request Tracker (RT) v4.x anterior a v4.0.13 no aplica adecuadamente el permiso DeleteTicket y \\\"la transici\u00f3n del ciclo de vida personalizado\\\", lo que permite a usuarios remotos autenticados con el permiso ModifyTicket suprimir entradas a trav\u00e9s de vectores no especificados.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:S/C:P/I:P/A:P\",\"baseScore\":6.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":6.8,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-255\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bestpractical:rt:4.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F84987A7-103B-4473-9D4F-9F28880F6D9F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bestpractical:rt:4.0.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"9E220C7C-D32C-4ED1-A056-074576B7B504\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bestpractical:rt:4.0.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"57A903C6-3C9F-47A0-92F7-D5272B2622AC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bestpractical:rt:4.0.0:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"67EBD0AE-1A91-4690-8A07-0FB7342768FE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bestpractical:rt:4.0.0:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"A1217A3C-2302-4E3B-BF35-4B16271A6FF6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bestpractical:rt:4.0.0:rc5:*:*:*:*:*:*\",\"matchCriteriaId\":\"A72E5649-26E5-47DE-9CB4-019FEC8AF13E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bestpractical:rt:4.0.0:rc6:*:*:*:*:*:*\",\"matchCriteriaId\":\"51E06E3C-4504-4325-BD89-9102315858C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bestpractical:rt:4.0.0:rc7:*:*:*:*:*:*\",\"matchCriteriaId\":\"8A1286FE-DB7C-48B1-82A9-A23C82984A21\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bestpractical:rt:4.0.0:rc8:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C89298A-DA7A-4DDD-A420-5B5BC0ABAF7E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bestpractical:rt:4.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"60F0CE6D-3DFA-4432-9615-78718C1D5583\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bestpractical:rt:4.0.1:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"F478B6AB-8B47-46A2-BEA7-9FF24F4A7026\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bestpractical:rt:4.0.1:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"A7CA2655-8B75-4DFF-9B30-1B9839B87D9A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bestpractical:rt:4.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A65F27F5-D134-4B94-BF93-CE32065B75B2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bestpractical:rt:4.0.2:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"9D976231-5D79-4C48-BFFA-39E3E7FE35A5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bestpractical:rt:4.0.2:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"F35ABA0F-6072-433E-AAA5-3B0BB219B404\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bestpractical:rt:4.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E1D6E744-5181-4E94-8B9B-3CA83648C7A7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bestpractical:rt:4.0.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"15112BC0-8C03-4417-A0EB-123C326E6F34\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bestpractical:rt:4.0.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"685B747F-6C34-4D76-B1A3-652EF2480D5F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bestpractical:rt:4.0.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A8E6D6E2-13A1-4AF9-B1A2-414588CCBD35\"}]}]}],\"references\":[{\"url\":\"http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000227.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://secunia.com/advisories/53522\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.osvdb.org/93611\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000227.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://secunia.com/advisories/53522\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.osvdb.org/93611\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

GHSA-3F39-V4R2-MJQQ

Vulnerability from github – Published: 2022-05-17 05:05 – Updated: 2022-05-17 05:05

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2012-4733"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2013-08-23T16:55:00Z",
    "severity": "MODERATE"
  },
  "details": "Request Tracker (RT) 4.x before 4.0.13 does not properly enforce the DeleteTicket and \"custom lifecycle transition\" permission, which allows remote authenticated users with the ModifyTicket permission to delete tickets via unspecified vectors.",
  "id": "GHSA-3f39-v4r2-mjqq",
  "modified": "2022-05-17T05:05:40Z",
  "published": "2022-05-17T05:05:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-4733"
    },
    {
      "type": "WEB",
      "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000227.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/53522"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/93611"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2012-4733

Vulnerability from fkie_nvd - Published: 2013-08-23 16:55 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html	Vendor Advisory
cve@mitre.org	http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000227.html	Patch
cve@mitre.org	http://secunia.com/advisories/53522	Vendor Advisory
cve@mitre.org	http://www.osvdb.org/93611
af854a3a-2127-422b-91ae-364da2661108	http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000227.html	Patch
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/53522	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/93611

Impacted products

Vendor	Product	Version
bestpractical	rt	4.0.0
bestpractical	rt	4.0.0
bestpractical	rt	4.0.0
bestpractical	rt	4.0.0
bestpractical	rt	4.0.0
bestpractical	rt	4.0.0
bestpractical	rt	4.0.0
bestpractical	rt	4.0.0
bestpractical	rt	4.0.0
bestpractical	rt	4.0.1
bestpractical	rt	4.0.1
bestpractical	rt	4.0.1
bestpractical	rt	4.0.2
bestpractical	rt	4.0.2
bestpractical	rt	4.0.2
bestpractical	rt	4.0.3
bestpractical	rt	4.0.10
bestpractical	rt	4.0.11
bestpractical	rt	4.0.12

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F84987A7-103B-4473-9D4F-9F28880F6D9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "9E220C7C-D32C-4ED1-A056-074576B7B504",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "57A903C6-3C9F-47A0-92F7-D5272B2622AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "67EBD0AE-1A91-4690-8A07-0FB7342768FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "A1217A3C-2302-4E3B-BF35-4B16271A6FF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "A72E5649-26E5-47DE-9CB4-019FEC8AF13E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc6:*:*:*:*:*:*",
              "matchCriteriaId": "51E06E3C-4504-4325-BD89-9102315858C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc7:*:*:*:*:*:*",
              "matchCriteriaId": "8A1286FE-DB7C-48B1-82A9-A23C82984A21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc8:*:*:*:*:*:*",
              "matchCriteriaId": "5C89298A-DA7A-4DDD-A420-5B5BC0ABAF7E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:rt:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "60F0CE6D-3DFA-4432-9615-78718C1D5583",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:rt:4.0.1:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "F478B6AB-8B47-46A2-BEA7-9FF24F4A7026",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:rt:4.0.1:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "A7CA2655-8B75-4DFF-9B30-1B9839B87D9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:rt:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A65F27F5-D134-4B94-BF93-CE32065B75B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:rt:4.0.2:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "9D976231-5D79-4C48-BFFA-39E3E7FE35A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:rt:4.0.2:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "F35ABA0F-6072-433E-AAA5-3B0BB219B404",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:rt:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1D6E744-5181-4E94-8B9B-3CA83648C7A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:rt:4.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "15112BC0-8C03-4417-A0EB-123C326E6F34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:rt:4.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "685B747F-6C34-4D76-B1A3-652EF2480D5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:rt:4.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8E6D6E2-13A1-4AF9-B1A2-414588CCBD35",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Request Tracker (RT) 4.x before 4.0.13 does not properly enforce the DeleteTicket and \"custom lifecycle transition\" permission, which allows remote authenticated users with the ModifyTicket permission to delete tickets via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Request Tracker (RT) v4.x anterior a v4.0.13 no aplica adecuadamente el permiso DeleteTicket y \"la transici\u00f3n del ciclo de vida personalizado\", lo que permite a usuarios remotos autenticados con el permiso ModifyTicket suprimir entradas a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2012-4733",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-08-23T16:55:06.947",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000227.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/53522"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/93611"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000227.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/53522"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/93611"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-255"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTA-2013-AVI-325

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans RT. Certaines d'entre elles permettent à un attaquant de provoquer une atteinte à l'intégrité des données, une atteinte à la confidentialité des données et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	N/A	N/A	Versions antérieures à RT 3.8.17
	N/A	N/A	Versions antérieures à RT 4.0.13

References

Title

Publication Time

Tags

Bulletin de sécurité RT du 22 mai 2013

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Versions ant\u00e9rieures \u00e0 RT 3.8.17",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Versions ant\u00e9rieures \u00e0 RT 4.0.13",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2013-3369",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3369"
    },
    {
      "name": "CVE-2013-3374",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3374"
    },
    {
      "name": "CVE-2013-3370",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3370"
    },
    {
      "name": "CVE-2013-3372",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3372"
    },
    {
      "name": "CVE-2013-3373",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3373"
    },
    {
      "name": "CVE-2013-3368",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3368"
    },
    {
      "name": "CVE-2012-4733",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-4733"
    },
    {
      "name": "CVE-2013-3371",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3371"
    }
  ],
  "links": [],
  "reference": "CERTA-2013-AVI-325",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2013-05-24T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eRT\u003c/span\u003e. Certaines d\u0027entre elles permettent \u00e0 un\nattaquant de provoquer une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es, une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une \u00e9l\u00e9vation de\nprivil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans RT",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 RT du 22 mai 2013",
      "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html"
    }
  ]
}

CERTA-2013-AVI-325

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	N/A	N/A	Versions antérieures à RT 3.8.17
	N/A	N/A	Versions antérieures à RT 4.0.13

References

Title

Publication Time

Tags

Bulletin de sécurité RT du 22 mai 2013

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Versions ant\u00e9rieures \u00e0 RT 3.8.17",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Versions ant\u00e9rieures \u00e0 RT 4.0.13",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2013-3369",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3369"
    },
    {
      "name": "CVE-2013-3374",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3374"
    },
    {
      "name": "CVE-2013-3370",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3370"
    },
    {
      "name": "CVE-2013-3372",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3372"
    },
    {
      "name": "CVE-2013-3373",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3373"
    },
    {
      "name": "CVE-2013-3368",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3368"
    },
    {
      "name": "CVE-2012-4733",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-4733"
    },
    {
      "name": "CVE-2013-3371",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3371"
    }
  ],
  "links": [],
  "reference": "CERTA-2013-AVI-325",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2013-05-24T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eRT\u003c/span\u003e. Certaines d\u0027entre elles permettent \u00e0 un\nattaquant de provoquer une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es, une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une \u00e9l\u00e9vation de\nprivil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans RT",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 RT du 22 mai 2013",
      "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html"
    }
  ]
}

GSD-2012-4733

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2012-4733

Aliases

CVE-2012-4733

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2012-4733",
    "description": "Request Tracker (RT) 4.x before 4.0.13 does not properly enforce the DeleteTicket and \"custom lifecycle transition\" permission, which allows remote authenticated users with the ModifyTicket permission to delete tickets via unspecified vectors.",
    "id": "GSD-2012-4733",
    "references": [
      "https://www.debian.org/security/2013/dsa-2671",
      "https://advisories.mageia.org/CVE-2012-4733.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2012-4733"
      ],
      "details": "Request Tracker (RT) 4.x before 4.0.13 does not properly enforce the DeleteTicket and \"custom lifecycle transition\" permission, which allows remote authenticated users with the ModifyTicket permission to delete tickets via unspecified vectors.",
      "id": "GSD-2012-4733",
      "modified": "2023-12-13T01:20:15.107750Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2012-4733",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Request Tracker (RT) 4.x before 4.0.13 does not properly enforce the DeleteTicket and \"custom lifecycle transition\" permission, which allows remote authenticated users with the ModifyTicket permission to delete tickets via unspecified vectors."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "[rt-announce] 20130522 Security vulnerabilities in RT",
            "refsource": "MLIST",
            "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html"
          },
          {
            "name": "93611",
            "refsource": "OSVDB",
            "url": "http://www.osvdb.org/93611"
          },
          {
            "name": "[rt-announce] 20130522 RT 4.0.13 released",
            "refsource": "MLIST",
            "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000227.html"
          },
          {
            "name": "53522",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/53522"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:bestpractical:rt:4.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:bestpractical:rt:4.0.1:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:bestpractical:rt:4.0.1:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:bestpractical:rt:4.0.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:bestpractical:rt:4.0.0:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:bestpractical:rt:4.0.0:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:bestpractical:rt:4.0.0:rc3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:bestpractical:rt:4.0.0:rc4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:bestpractical:rt:4.0.2:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:bestpractical:rt:4.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:bestpractical:rt:4.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:bestpractical:rt:4.0.0:rc5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:bestpractical:rt:4.0.0:rc7:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:bestpractical:rt:4.0.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:bestpractical:rt:4.0.2:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:bestpractical:rt:4.0.0:rc6:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:bestpractical:rt:4.0.0:rc8:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:bestpractical:rt:4.0.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:bestpractical:rt:4.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2012-4733"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Request Tracker (RT) 4.x before 4.0.13 does not properly enforce the DeleteTicket and \"custom lifecycle transition\" permission, which allows remote authenticated users with the ModifyTicket permission to delete tickets via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-255"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "93611",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://www.osvdb.org/93611"
            },
            {
              "name": "[rt-announce] 20130522 RT 4.0.13 released",
              "refsource": "MLIST",
              "tags": [
                "Patch"
              ],
              "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000227.html"
            },
            {
              "name": "[rt-announce] 20130522 Security vulnerabilities in RT",
              "refsource": "MLIST",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html"
            },
            {
              "name": "53522",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/53522"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 6.8,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2013-08-27T17:16Z",
      "publishedDate": "2013-08-23T16:55Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2012-4733 (GCVE-0-2012-4733)

GHSA-3F39-V4R2-MJQQ

FKIE_CVE-2012-4733

CERTA-2013-AVI-325

Solution

CERTA-2013-AVI-325

Solution

GSD-2012-4733

Tags

Sightings

Nomenclature