CVE-2012-4733
request-tracker4 - several
EPSS 0.57%
Description
Request Tracker (RT) 4.x before 4.0.13 does not properly enforce the DeleteTicket and "custom lifecycle transition" permissions, which allows remote authenticated users with the ModifyTicket permission to delete tickets via unspecified vectors.
How to fix CVE-2012-4733
To remediate CVE-2012-4733, upgrade the affected package to a fixed version below.
- Debian/request-tracker4: upgrade to 4.0.12-2 or later
- Debian/request-tracker4: upgrade to 4.0.7-5+deb7u2 or later
Is CVE-2012-4733 being exploited?
Low — EPSS is 0.6%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 4.0.12-2
- from 0, < 4.0.7-5+deb7u2