Vulnerability in Bestpractical Request_tracker

CVE-2012-6580

Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, does not ensure that the UI labels unencrypted messages as unencrypted, which might make it easier for remote attackers to spoof details of a me…

Vulnerability class: POODLE (CVE-2014-3566)

EPSS: 0.001 (32.1th percentile) — read the EPSS interpretation.

Affected products

Bestpractical Request_tracker — versions 3.8.3, 3.8.4, 3.8.7
N/a — versions n/a

Weakness classification (CWE)

CWE-310 — Cryptographic Issues

References

[rt-announce] 20121025 Security vulnerabilities in RT (Vendor Advisory, mailing-list, x_refsource_MLIST, Patch)