CVE-2013-3369Request-tracker4 vulnerability

4 documents4 sources
Severity
6.0MEDIUMNVD
EPSS
0.6%
top 29.67%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Debian Request-tracker4Bestpractical RT
Timeline
PublishedAug 23
Latest updateMay 17

Description

Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows remote authenticated users with the permissions to view the administration pages to execute arbitrary private components via unspecified vectors.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 6.8 | Impact: 6.4

Affected Packages2 packages

debiandebian/request-tracker4< request-tracker4 4.0.12-2 (bookworm)
NVDbestpractical/rt30 versions+29

Patches

Patch: lists.bestpractical.comPatch: lists.bestpractical.comPatch: lists.bestpractical.com

🔴Vulnerability Details

2
GHSA
GHSA-v9xx-74wg-qf63: Request Tracker (RT) 32022-05-17
OSV
CVE-2013-3369: Request Tracker (RT) 32013-08-23

📋Vendor Advisories

1
Debian
CVE-2013-3369: request-tracker4 - Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows remote a...2013
CVE-2013-3369 — Debian Request-tracker4 vulnerability | cvebase