CVE-2011-4459 — Request-tracker4 vulnerability

CWE-2645 documents5 sources

Severity

3.5LOWNVD

EPSS

0.3%

top 50.70%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Request-tracker4 Bestpractical RT

Timeline

PublishedJun 4

Latest updateMay 17

Description

Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 does not properly disable groups, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by leveraging a group membership.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 6.8 | Impact: 2.9

Affected Packages2 packages

▶NVDbestpractical/rt83 versions+82

▶debiandebian/request-tracker4< request-tracker4 4.0.5-3 (bookworm)

Patches

Patch: lists.bestpractical.com ↗Patch: lists.bestpractical.com ↗Patch: lists.bestpractical.com ↗

🔴Vulnerability Details

GHSA

GHSA-36g9-25qq-8h88: Best Practical Solutions RT 3↗2022-05-17

▶

OSV

CVE-2011-4459: Best Practical Solutions RT 3↗2012-06-04

▶

📋Vendor Advisories

Debian

CVE-2011-4459: request-tracker4 - Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 does not prop...↗2011

▶

💬Community

Bugzilla

rt3: Multiple security flaws fixed in upstream v3.8.12 and v4.0.6 versions↗2012-05-22

▶