Vulnerability in Bestpractical Request_tracker

CVE-2012-6581

Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, allows remote attackers to bypass intended restrictions on reading keys in the product's keyring, and trigger outbound e-mail messages signed by…

EPSS: 0.004 (60.7th percentile) — read the EPSS interpretation.

Affected products

Bestpractical Request_tracker — versions 3.8.3, 3.8.4, 3.8.7
N/a — versions n/a

Weakness classification (CWE)

CWE-264

References

[rt-announce] 20121025 Security vulnerabilities in RT (Vendor Advisory, mailing-list, x_refsource_MLIST, Patch)