Описание
The dashboard subscription interface in Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 might allow remote authenticated users with certain privileges to execute arbitrary code via a crafted saved search name.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | not-affected | 4.4.1-4 |
| bionic | not-affected | 4.4.1-4 |
| cosmic | not-affected | 4.4.1-4 |
| devel | not-affected | 4.4.1-4 |
| disco | not-affected | 4.4.1-4 |
| eoan | not-affected | 4.4.1-4 |
| esm-apps/bionic | not-affected | 4.4.1-4 |
| esm-apps/focal | not-affected | 4.4.1-4 |
| esm-apps/jammy | not-affected | 4.4.1-4 |
| esm-apps/noble | not-affected | 4.4.1-4 |
Показывать по
Ссылки на источники
EPSS
6.5 Medium
CVSS2
8.8 High
CVSS3
Связанные уязвимости
The dashboard subscription interface in Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 might allow remote authenticated users with certain privileges to execute arbitrary code via a crafted saved search name.
The dashboard subscription interface in Request Tracker (RT) 4.x befor ...
The dashboard subscription interface in Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 might allow remote authenticated users with certain privileges to execute arbitrary code via a crafted saved search name.
EPSS
6.5 Medium
CVSS2
8.8 High
CVSS3