CVE-2013-3369

Description

Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows remote authenticated users with the permissions to view the administration pages to execute arbitrary private components via unspecified vectors.

How to fix CVE-2013-3369

To remediate CVE-2013-3369, upgrade the affected package to a fixed version below.

• Debian/request-tracker4—upgrade to 4.0.12-2 or later

Is CVE-2013-3369 being exploited?

Low — EPSS is 0.6%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 4.0.12-2

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2013-3369