CVE-2011-4459
EPSS 0.26%
Description
Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 does not properly disable groups, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by leveraging a group membership.
How to fix CVE-2011-4459
To remediate CVE-2011-4459, upgrade the affected package to a fixed version below.
- Debian/request-tracker4—upgrade to 4.0.5-3 or later
Is CVE-2011-4459 being exploited?
Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 4.0.5-3