Insufficient Permission Control in Request Tracker by Best Practical
CVE-2012-4733
Currently unrated
What is CVE-2012-4733?
Request Tracker (RT) 4.x before version 4.0.13 is susceptible to an authorization bypass vulnerability. The application does not properly enforce the permissions that govern ticket deletion and custom lifecycle transitions. As a result, remote authenticated users who hold only the 'ModifyTicket' permission may exploit this weakness to delete tickets, potentially compromising the integrity of the ticketing system.
