Описание
Request Tracker (RT) 4.x before 4.0.13 does not properly enforce the DeleteTicket and "custom lifecycle transition" permission, which allows remote authenticated users with the ModifyTicket permission to delete tickets via unspecified vectors.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | |
| lucid | not-affected | |
| precise | not-affected | |
| precise/esm | DNE | precise was not-affected |
| quantal | DNE | |
| raring | DNE | |
| saucy | DNE | |
| trusty | DNE | |
| trusty/esm | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 4.0.19-1 |
| esm-apps/xenial | not-affected | 4.0.19-1 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was not-affected [4.0.19-1]] |
| lucid | DNE | |
| precise | ignored | end of life |
| precise/esm | DNE | precise was needed |
| quantal | ignored | end of life |
| raring | ignored | end of life |
| saucy | not-affected | 4.0.13-1 |
| trusty | not-affected | 4.0.19-1 |
Показывать по
Ссылки на источники
EPSS
6 Medium
CVSS2
Связанные уязвимости
Request Tracker (RT) 4.x before 4.0.13 does not properly enforce the DeleteTicket and "custom lifecycle transition" permission, which allows remote authenticated users with the ModifyTicket permission to delete tickets via unspecified vectors.
Request Tracker (RT) 4.x before 4.0.13 does not properly enforce the D ...
Request Tracker (RT) 4.x before 4.0.13 does not properly enforce the DeleteTicket and "custom lifecycle transition" permission, which allows remote authenticated users with the ModifyTicket permission to delete tickets via unspecified vectors.
EPSS
6 Medium
CVSS2