Vulnerability in Bestpractical Request_tracker

CVE-2012-6578

Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled with a "Sign by default" queue configuration, uses a queue's key for signing, which might allow remote attackers to spoof messages by leveraging…

Vulnerability class: POODLE (CVE-2014-3566)

EPSS: 0.003 (49.4th percentile) — read the EPSS interpretation.

Affected products

Bestpractical Request_tracker — versions 3.8.3, 3.8.4, 3.8.7
N/a — versions n/a

Weakness classification (CWE)

CWE-310 — Cryptographic Issues

References

[rt-announce] 20121025 Security vulnerabilities in RT (Vendor Advisory, mailing-list, x_refsource_MLIST, Patch)