CVE-2012-4730
Published: 11 November 2012
Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote authenticated users with ModifySelf or AdminUser privileges to inject arbitrary email headers and conduct phishing attacks or obtain sensitive information via unknown vectors.
Priority
Status
Package | Release | Status |
---|---|---|
request-tracker3.8 Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Released
(3.8.7-1ubuntu2.3)
|
|
oneiric |
Released
(3.8.10-1ubuntu0.1)
|
|
precise |
Released
(3.8.11-1ubuntu0.1)
|
|
quantal |
Does not exist
|
|
raring |
Does not exist
|
|
saucy |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(3.8.8-7+squeeze6)
|
|
utopic |
Does not exist
|
|
vivid |
Does not exist
|
|
wily |
Does not exist
|
|
xenial |
Does not exist
|
|
yakkety |
Does not exist
|
|
zesty |
Does not exist
|
|
request-tracker4 Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Does not exist
|
|
oneiric |
Ignored
(end of life)
|
|
precise |
Ignored
(end of life)
|
|
quantal |
Ignored
(end of life)
|
|
raring |
Not vulnerable
(4.0.7-2)
|
|
saucy |
Not vulnerable
(4.0.7-2)
|
|
trusty |
Does not exist
(trusty was not-affected [4.0.7-2])
|
|
upstream |
Released
(4.0.7-2)
|
|
utopic |
Not vulnerable
(4.0.7-2)
|
|
vivid |
Not vulnerable
(4.0.7-2)
|
|
wily |
Not vulnerable
(4.0.7-2)
|
|
xenial |
Not vulnerable
(4.0.7-2)
|
|
yakkety |
Not vulnerable
(4.0.7-2)
|
|
zesty |
Not vulnerable
(4.0.7-2)
|