Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2012-6581

Опубликовано: 24 июл. 2013
Источник: nvd
CVSS2: 4.3
EPSS Низкий

Описание

Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, allows remote attackers to bypass intended restrictions on reading keys in the product's keyring, and trigger outbound e-mail messages signed by an arbitrary stored secret key, by leveraging a UI e-mail signing privilege.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:bestpractical:request_tracker:3.8.3:*:*:*:*:*:*:*
cpe:2.3:a:bestpractical:request_tracker:3.8.4:*:*:*:*:*:*:*
cpe:2.3:a:bestpractical:request_tracker:3.8.7:*:*:*:*:*:*:*
cpe:2.3:a:bestpractical:request_tracker:3.8.9:*:*:*:*:*:*:*
cpe:2.3:a:bestpractical:request_tracker:3.8.10:*:*:*:*:*:*:*
cpe:2.3:a:bestpractical:request_tracker:3.8.11:*:*:*:*:*:*:*
cpe:2.3:a:bestpractical:request_tracker:3.8.12:*:*:*:*:*:*:*
cpe:2.3:a:bestpractical:request_tracker:3.8.13:*:*:*:*:*:*:*
cpe:2.3:a:bestpractical:request_tracker:3.8.14:*:*:*:*:*:*:*
Конфигурация 2

Одно из

cpe:2.3:a:bestpractical:request_tracker:4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:bestpractical:request_tracker:4.0.1:*:*:*:*:*:*:*
cpe:2.3:a:bestpractical:request_tracker:4.0.2:*:*:*:*:*:*:*
cpe:2.3:a:bestpractical:request_tracker:4.0.3:*:*:*:*:*:*:*
cpe:2.3:a:bestpractical:request_tracker:4.0.4:*:*:*:*:*:*:*
cpe:2.3:a:bestpractical:request_tracker:4.0.5:*:*:*:*:*:*:*
cpe:2.3:a:bestpractical:request_tracker:4.0.6:*:*:*:*:*:*:*
cpe:2.3:a:bestpractical:request_tracker:4.0.7:*:*:*:*:*:*:*

EPSS

Процентиль: 60%
0.00395
Низкий

4.3 Medium

CVSS2

Дефекты

CWE-264

Связанные уязвимости

ubuntu логотип

CVE-2012-6581

ubuntu
больше 12 лет назад

Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, allows remote attackers to bypass intended restrictions on reading keys in the product's keyring, and trigger outbound e-mail messages signed by an arbitrary stored secret key, by leveraging a UI e-mail signing privilege.

debian логотип

CVE-2012-6581

debian
больше 12 лет назад

Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8 ...

github логотип

GHSA-g3f8-5r75-qjfx

github
больше 3 лет назад

Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, allows remote attackers to bypass intended restrictions on reading keys in the product's keyring, and trigger outbound e-mail messages signed by an arbitrary stored secret key, by leveraging a UI e-mail signing privilege.

EPSS

Процентиль: 60%
0.00395
Низкий

4.3 Medium

CVSS2

Дефекты

CWE-264