Debian Request-Tracker4 vulnerabilities

44 known vulnerabilities affecting debian/request-tracker4.

Total CVEs: 44
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 7, MEDIUM 32, LOW 5

Vulnerabilities

Page 2 of 3
CVE-2013-3373 | MEDIUM | CVSS 5.0 | fixed in request-tracker4 4.0.12-2 (bookworm) | 2013
CRLF injection vulnerability in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a MIME header.
Scope: local bookworm: resolved (fixed in 4.0.12-2) bullseye: resolved (fixed in 4.0.12-2) sid: resolved (fixed in 4.0.12-2)

CVE-2013-3369 | MEDIUM | CVSS 6.0 | fixed in request-tracker4 4.0.12-2 (bookworm) | 2013
Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows remote authenticated users with the permissions to view the administration pages to execute arbitrary private components via unspecified vectors.
Scope: local bookworm: resolved (fixed in 4.0.12-2) bullseye: resolved (fixed in 4.0.12-2) sid: resolved (fixed in 4.0.12-2)

CVE-2013-3372 | MEDIUM | CVSS 4.3 | fixed in request-tracker4 4.0.12-2 (bookworm) | 2013
Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows remote attackers to inject multiple Content-Disposition HTTP headers and possibly conduct cross-site scripting (XSS) attacks via unspecified vectors.
Scope: local bookworm: resolved (fixed in 4.0.12-2) bullseye: resolved (fixed in 4.0.12-2) sid: resolved (fixed in 4.0.12-2)

CVE-2013-3371 | MEDIUM | CVSS 4.3 | fixed in request-tracker4 4.0.12-2 (bookworm) | 2013
Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 3.8.3 through 3.8.16 and 4.0.x before 4.0.13 allows remote attackers to inject arbitrary web script or HTML via the filename of an attachment.
Scope: local bookworm: resolved (fixed in 4.0.12-2) bullseye: resolved (fixed in 4.0.12-2) sid: resolved (fixed in 4.0.12-2)

CVE-2013-3368 | LOW | CVSS 3.3 | fixed in request-tracker4 4.0.12-2 (bookworm) | 2013
bin/rt in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows local users to overwrite arbitrary files via a symlink attack on a temporary file with predictable name.
Scope: local bookworm: resolved (fixed in 4.0.12-2) bullseye: resolved (fixed in 4.0.12-2) sid: resolved (fixed in 4.0.12-2)

CVE-2012-4731 | MEDIUM | CVSS 4.0 | fixed in request-tracker4 4.0.7-2 (bookworm) | 2012
FAQ manager for Request Tracker (RTFM) before 2.4.5 does not properly check user rights, which allows remote authenticated users to create arbitrary articles in arbitrary classes via unknown vectors.
Scope: local bookworm: resolved (fixed in 4.0.7-2) bullseye: resolved (fixed in 4.0.7-2) sid: resolved (fixed in 4.0.7-2)

CVE-2012-6579 | MEDIUM | CVSS 6.4 | fixed in request-tracker4 4.0.7-2 (bookworm) | 2012
Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, allows remote attackers to configure encryption or signing for certain outbound e-mail, and possibly cause a denial of service (loss of e-mail readability), via an e-mail message to a queue's address.
Scope: local bookworm: resolved (fixed in 4.0.7-2) bullseye: re

CVE-2012-6581 | MEDIUM | CVSS 4.3 | fixed in request-tracker4 4.0.7-2 (bookworm) | 2012
Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, allows remote attackers to bypass intended restrictions on reading keys in the product's keyring, and trigger outbound e-mail messages signed by an arbitrary stored secret key, by leveraging a UI e-mail signing privilege.
Scope: local bookworm: resolved (fixed in

CVE-2012-4884 | MEDIUM | CVSS 5.0 | fixed in request-tracker4 4.0.7-2 (bookworm) | 2012
Argument injection vulnerability in Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote attackers to create arbitrary files via unspecified vectors related to the GnuPG client.
Scope: local bookworm: resolved (fixed in 4.0.7-2) bullseye: resolved (fixed in 4.0.7-2) sid: resolved (fixed in 4.0.7-2)

CVE-2012-6578 | MEDIUM | CVSS 4.3 | fixed in request-tracker4 4.0.7-2 (bookworm) | 2012
Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled with a "Sign by default" queue configuration, uses a queue's key for signing, which might allow remote attackers to spoof messages by leveraging the lack of authentication semantics.
Scope: local bookworm: resolved (fixed in 4.0.7-2) bullseye: resolved (fixed in 4.

CVE-2012-4732 | MEDIUM | CVSS 6.8 | fixed in request-tracker4 4.0.7-2 (bookworm) | 2012
Cross-site request forgery (CSRF) vulnerability in Request Tracker (RT) 3.8.12 and other versions before 3.8.15, and 4.0.6 and other versions before 4.0.8, allows remote attackers to hijack the authentication of users for requests that toggle ticket bookmarks.
Scope: local bookworm: resolved (fixed in 4.0.7-2) bullseye: resolved (fixed in 4.0.7-2) sid: reso

CVE-2012-4733 | MEDIUM | CVSS 6.0 | fixed in request-tracker4 4.0.12-2 (bookworm) | 2012
Request Tracker (RT) 4.x before 4.0.13 does not properly enforce the DeleteTicket and "custom lifecycle transition" permission, which allows remote authenticated users with the ModifyTicket permission to delete tickets via unspecified vectors.
Scope: local bookworm: resolved (fixed in 4.0.12-2) bullseye: resolved (fixed in 4.0.12-2) sid: resolved (fixed in

CVE-2012-2769 | MEDIUM | CVSS 4.3 | fixed in request-tracker4 4.0.6-1 (bookworm) | 2012
Multiple cross-site scripting (XSS) vulnerabilities in the topic administration page in the Extension::MobileUI extension before 1.02 for Best Practical Solutions RT 3.8.x and in Best Practical Solutions RT before 4.0.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Scope: local bookworm: resolved (fixed in 4.0.6-1) b

CVE-2012-4734 | MEDIUM | CVSS 5.0 | fixed in request-tracker4 4.0.7-2 (bookworm) | 2012
Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote attackers to conduct a "confused deputy" attack to bypass the CSRF warning protection mechanism and cause victims to "modify arbitrary state" via unknown vectors related to a crafted link.
Scope: local bookworm: resolved (fixed in 4.0.7-2) bullseye: resolved (fixed in 4.0.7-2) sid

CVE-2012-6580 | MEDIUM | CVSS 4.3 | fixed in request-tracker4 4.0.7-2 (bookworm) | 2012
Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, does not ensure that the UI labels unencrypted messages as unencrypted, which might make it easier for remote attackers to spoof details of a message's origin or interfere with encryption-policy auditing via an e-mail message to a queue's address.
Scope: local boo

CVE-2012-2768 | MEDIUM | CVSS 4.3 | fixed in request-tracker4 4.0.6-1 (bookworm) | 2012
Multiple cross-site scripting (XSS) vulnerabilities in the topic administration page in the RTFM extension 2.0.4 through 2.4.3 for Best Practical Solutions RT allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Scope: local bookworm: resolved (fixed in 4.0.6-1) bullseye: resolved (fixed in 4.0.6-1) sid: resolved (fixed in

CVE-2012-4730 | LOW | CVSS 3.5 | fixed in request-tracker4 4.0.7-2 (bookworm) | 2012
Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote authenticated users with ModifySelf or AdminUser privileges to inject arbitrary email headers and conduct phishing attacks or obtain sensitive information via unknown vectors.
Scope: local bookworm: resolved (fixed in 4.0.7-2) bullseye: resolved (fixed in 4.0.7-2) sid: resolved (fixe

CVE-2011-4458 | MEDIUM | CVSS 6.8 | fixed in request-tracker4 4.0.5-3 (bookworm) | 2011
Best Practical Solutions RT 3.6.x, 3.7.x, and 3.8.x before 3.8.12 and 4.x before 4.0.6, when the VERPPrefix and VERPDomain options are enabled, allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-5092 and CVE-2011-5093.
Scope: local bookworm: resolved (fixed in 4.0.5-3) bullseye: resolved (fixed

CVE-2011-2084 | MEDIUM | CVSS 4.0 | fixed in request-tracker4 4.0.5-3 (bookworm) | 2011
Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 allows remote authenticated users to read (1) hashes of former passwords and (2) ticket correspondence history by leveraging access to a privileged account.
Scope: local bookworm: resolved (fixed in 4.0.5-3) bullseye: resolved (fixed in 4.0.5-3) sid: resolved (fixed in 4.0.5-3)

CVE-2011-4460 | MEDIUM | CVSS 6.5 | fixed in request-tracker4 4.0.5-3 (bookworm) | 2011
SQL injection vulnerability in Best Practical Solutions RT 2.x and 3.x before 3.8.12 and 4.x before 4.0.6 allows remote authenticated users to execute arbitrary SQL commands by leveraging access to a privileged account.
Scope: local bookworm: resolved (fixed in 4.0.5-3) bullseye: resolved (fixed in 4.0.5-3) sid: resolved (fixed in 4.0.5-3)