CVE-2012-4731 — Request-tracker4 vulnerability

CWE-2644 documents4 sources

Severity

4.0MEDIUMNVD

EPSS

0.3%

top 46.12%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Request-tracker4 Bestpractical Rtfm

Timeline

PublishedNov 11

Latest updateMay 17

Description

FAQ manager for Request Tracker (RTFM) before 2.4.5 does not properly check user rights, which allows remote authenticated users to create arbitrary articles in arbitrary classes via unknown vectors.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 8.0 | Impact: 2.9

Affected Packages2 packages

▶debiandebian/request-tracker4< request-tracker4 4.0.7-2 (bookworm)

▶NVDbestpractical/rtfm2.4.3+6

🔴Vulnerability Details

GHSA

GHSA-8fxh-jgx8-hfm7: FAQ manager for Request Tracker (RTFM) before 2↗2022-05-17

▶

OSV

CVE-2012-4731: FAQ manager for Request Tracker (RTFM) before 2↗2012-11-11

▶

📋Vendor Advisories

Debian

CVE-2012-4731: request-tracker4 - FAQ manager for Request Tracker (RTFM) before 2.4.5 does not properly check user...↗2012

▶