Vulnerability in Bestpractical Rt

CVE-2013-3369

Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows remote authenticated users with the permissions to view the administration pages to execute arbitrary private components via unspecified vectors.

EPSS: 0.006 (70.7th percentile) — read the EPSS interpretation.

Affected products

Bestpractical Rt — versions 3.8.0, 3.8.1, 3.8.2
N/a — versions n/a

References

[rt-announce] 20130522 RT 3.8.17 released (Vendor Advisory, mailing-list, x_refsource_MLIST, Patch)
93610 (x_refsource_OSVDB, vdb-entry)
[rt-announce] 20130522 Security vulnerabilities in RT (Vendor Advisory, mailing-list, x_refsource_MLIST, Patch)
[rt-announce] 20130522 RT 4.0.13 released (Vendor Advisory, mailing-list, x_refsource_MLIST, Patch)
53505 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
DSA-2670 (vendor-advisory, x_refsource_DEBIAN)
53522 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)