CVE-2013-3370

Description

Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 does not properly restrict access to private callback components, which allows remote attackers to have an unspecified impact via a direct request.

How to fix CVE-2013-3370

To remediate CVE-2013-3370, upgrade the affected package to a fixed version below.

• Debian/request-tracker4—upgrade to 4.0.12-2 or later

Is CVE-2013-3370 being exploited?

Low — EPSS is 1.1%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 4.0.12-2

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2013-3370