CVE-2012-6580: Request-tracker4 vulnerability

CWE-310 | 4 documents | 4 sources
Severity: 4.3 MEDIUM (NVD)
EPSS: 0.1% (top 67.75%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Jul 24
Latest update: May 17

Description

Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, does not ensure that the UI labels unencrypted messages as unencrypted, which might make it easier for remote attackers to spoof details of a message's origin or interfere with encryption-policy auditing via an e-mail message to a queue's address.

CVSS vector

AV:N/AC:M/C:N/I:P/A:N
Exploitability: 8.6 | Impact: 2.9

Affected Packages (2 packages)

NVD: bestpractical/request_tracker (17 versions)
Debian: debian/request-tracker4 < request-tracker4 4.0.7-2 (bookworm)

Patches

🔴 Vulnerability Details (2)

GHSA: GHSA-pr6v-qj9p-h45q: Best Practical Solutions RT 3 (2022-05-17)
OSV: CVE-2012-6580: Best Practical Solutions RT 3 (2013-07-24)

📋 Vendor Advisories (1)

Debian: CVE-2012-6580: request-tracker4 - Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when Gnu... (2012)
CVE-2012-6580 — Debian Request-tracker4 vulnerability | cvebase