CVE-2012-6580
EPSS 0.13%
Description
Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, does not ensure that the UI labels unencrypted messages as unencrypted, which might make it easier for remote attackers to spoof details of a message's origin or interfere with encryption-policy auditing via an e-mail message to a queue's address.
How to fix CVE-2012-6580
To remediate CVE-2012-6580, upgrade the affected package to a fixed version listed below.
- Debian/request-tracker4: upgrade to 4.0.7-2 or later
Is CVE-2012-6580 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- Debian/request-tracker4: from 0, < 4.0.7-2