Vulnerability in Bestpractical Rt
CVE-2012-4733
Request Tracker (RT) 4.x before 4.0.13 does not properly enforce the DeleteTicket and "custom lifecycle transition" permission, which allows remote authenticated users with the ModifyTicket permission to delete tickets via unspecified vect…
EPSS: 0.006 (68.9th percentile)
Affected products
- Bestpractical Rt — versions 4.0.0, 4.0.1, 4.0.2
References
- [rt-announce] 20130522 Security vulnerabilities in RT (Vendor Advisory, mailing-list, x_refsource_MLIST)
- 93611 (x_refsource_OSVDB, vdb-entry)
- [rt-announce] 20130522 RT 4.0.13 released (mailing-list, x_refsource_MLIST, Patch)
- 53522 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)