CVE-2012-4884Code Injection in Request-tracker4

CWE-94Code Injection6 documents5 sources
Severity
5.0MEDIUMNVD
EPSS
0.2%
top 52.25%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Debian Request-tracker4Bestpractical RT
Timeline
PublishedNov 11
Latest updateMay 17

Description

Argument injection vulnerability in Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote attackers to create arbitrary files via unspecified vectors related to the GnuPG client.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

debiandebian/request-tracker4< request-tracker4 4.0.7-2 (bookworm)
NVDbestpractical/rt24 versions+23

🔴Vulnerability Details

2
GHSA
GHSA-6vrj-8gxv-3r7w: Argument injection vulnerability in Request Tracker (RT) 32022-05-17
OSV
CVE-2012-4884: Argument injection vulnerability in Request Tracker (RT) 32012-11-11

📋Vendor Advisories

1
Debian
CVE-2012-4884: request-tracker4 - Argument injection vulnerability in Request Tracker (RT) 3.8.x before 3.8.15 and...2012

💬Community

2
Bugzilla
CVE-2012-4730 CVE-2012-4732 CVE-2012-4734 CVE-2012-4735 CVE-2012-4884 rt3: Multiple flaws fixed in upstream 3.8.15 version [fedora-all]2012-10-26
Bugzilla
CVE-2012-4730 CVE-2012-4732 CVE-2012-4734 CVE-2012-4735 CVE-2012-4884 rt3: Multiple flaws fixed in upstream 3.8.15 version [epel-all]2012-10-26
CVE-2012-4884 — Code Injection in Request-tracker4 | cvebase