CVE-2012-4733
Published: 23 August 2013
Request Tracker (RT) 4.x before 4.0.13 does not properly enforce the DeleteTicket and "custom lifecycle transition" permission, which allows remote authenticated users with the ModifyTicket permission to delete tickets via unspecified vectors.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
request-tracker3.8 Launchpad, Ubuntu, Debian |
lucid |
Not vulnerable
|
| precise |
Not vulnerable
|
|
| quantal |
Does not exist
|
|
| raring |
Does not exist
|
|
| saucy |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Not vulnerable
|
|
| utopic |
Does not exist
|
|
| vivid |
Does not exist
|
|
| wily |
Does not exist
|
|
| xenial |
Does not exist
|
|
| yakkety |
Does not exist
|
|
| zesty |
Does not exist
|
|
|
request-tracker4 Launchpad, Ubuntu, Debian |
lucid |
Does not exist
|
| precise |
Ignored
(end of life)
|
|
| quantal |
Ignored
(end of life)
|
|
| raring |
Ignored
(end of life)
|
|
| saucy |
Not vulnerable
(4.0.13-1)
|
|
| trusty |
Does not exist
(trusty was not-affected [4.0.19-1])
|
|
| upstream |
Released
(4.0.12-2)
|
|
| utopic |
Not vulnerable
(4.0.19-1)
|
|
| vivid |
Not vulnerable
(4.0.19-1)
|
|
| wily |
Not vulnerable
(4.0.19-1)
|
|
| xenial |
Not vulnerable
(4.0.19-1)
|
|
| yakkety |
Not vulnerable
(4.0.19-1)
|
|
| zesty |
Not vulnerable
(4.0.19-1)
|