CVE-2017-5944: Improper Input Validation in Request-tracker4

Severity: 8.8 HIGH (NVD)
EPSS: 4.2% (top 11.29%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jul 3; Latest update May 13

Description

The dashboard subscription interface in Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 might allow remote authenticated users with certain privileges to execute arbitrary code via a crafted saved search name.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (2 packages)

debian: debian/request-tracker4 < request-tracker4 4.4.1-4 (bookworm)
NVD: bestpractical/request_tracker41 versions+40

🔴 Vulnerability Details (2)

GHSA: GHSA-fcc9-mfrp-452q: The dashboard subscription interface in Request Tracker (RT) 4 (2022-05-13)
OSV: CVE-2017-5944: The dashboard subscription interface in Request Tracker (RT) 4 (2017-07-03)

📋 Vendor Advisories (1)

Debian: CVE-2017-5944: request-tracker4 - The dashboard subscription interface in Request Tracker (RT) 4.x before 4.0.25, ... (2017)

💬 Community (2)

Bugzilla: CVE-2017-5944 rt: Remote code execution in the dashboard subscription interface (2017-07-26)
Bugzilla: CVE-2016-6127 CVE-2017-5361 CVE-2017-5943 CVE-2017-5944 rt: various flaws [fedora-all] (2017-07-26)