CVE-2011-1008 — RT vulnerability

CWE-2646 documents4 sources

Severity

4.0MEDIUMNVD

EPSS

0.6%

top 30.15%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Bestpractical RT

Timeline

PublishedFeb 28

Latest updateMay 13

Description

Scrips_Overlay.pm in Best Practical Solutions RT before 3.8.9 does not properly restrict access to a TicketObj in a Scrip after a CurrentUser change, which allows remote authenticated users to obtain sensitive information via unspecified vectors, as demonstrated by custom-field value information, related to SQL logging.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 8.0 | Impact: 2.9

Affected Packages1 packages

▶NVDbestpractical/rt3.8.9+71

Patches

Patch: bugs.debian.org ↗Patch: lists.bestpractical.com ↗Patch: openwall.com ↗

🔴Vulnerability Details

GHSA

GHSA-pprg-q2gm-jrhj: Scrips_Overlay↗2022-05-13

▶

💥Exploits & PoCs

Exploit-DB

OfficeSIP Server 3.1 - Denial of Service↗2012-02-02

▶

💬Community

Bugzilla

CVE-2011-0009 CVE-2011-1008 CVE-2011-1007 rt3 various flaws [epel-6]↗2011-02-24

▶

Bugzilla

CVE-2011-1008 CVE-2011-1007 rt3 various flaws [fedora-all]↗2011-02-24

▶

Bugzilla

CVE-2011-1008 rt3: SQL queries information leak by user account transition↗2011-02-22

▶