CVE-2012-4730
request-tracker3.8 - several
EPSS 0.18%
Description
Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote authenticated users with ModifySelf or AdminUser privileges to inject arbitrary email headers and conduct phishing attacks or obtain sensitive information via unknown vectors.
How to fix CVE-2012-4730
To remediate CVE-2012-4730, upgrade the affected package to one of the fixed versions listed below.
- Debian/request-tracker3.8—upgrade to 3.8.8-7+squeeze6 or later
- Debian/request-tracker4—upgrade to 4.0.7-2 or later
Is CVE-2012-4730 being exploited?
Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- Debian/request-tracker3.8: from 0, < 3.8.8-7+squeeze6
- Debian/request-tracker4: from 0, < 4.0.7-2