RCE in Bestpractical Rt

CVE-2012-4884

Argument injection vulnerability in Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote attackers to create arbitrary files via unspecified vectors related to the GnuPG client.

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.002 (48.0th percentile) — read the EPSS interpretation.

Affected products

Bestpractical Rt — versions 3.8.0, 3.8.1, 3.8.2
N/a — versions n/a

Weakness classification (CWE)

CWE-94 — Code Injection

References

[rt-announce] 20121025 Security vulnerabilities in RT (mailing-list, x_refsource_MLIST)
DSA-2567 (vendor-advisory, x_refsource_DEBIAN)