Vulnerability in Bestpractical Rt
CVE-2013-3370
Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 does not properly restrict access to private callback components, which allows remote attackers to have an unspecified impact via a direct request.
EPSS: 0.011 (78.7th percentile) — read the EPSS interpretation.
Affected products
- Bestpractical Rt — versions 4.0.0, 4.0.1, 4.0.2
- N/a — versions n/a
Weakness classification (CWE)
References
- [rt-announce] 20130522 RT 3.8.17 released (mailing-list, x_refsource_MLIST, Patch)
- [rt-announce] 20130522 Security vulnerabilities in RT (mailing-list, x_refsource_MLIST, Patch)
- 93609 (x_refsource_OSVDB, vdb-entry)
- [rt-announce] 20130522 RT 4.0.13 released (mailing-list, x_refsource_MLIST, Patch)
- 53505 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
- DSA-2670 (vendor-advisory, x_refsource_DEBIAN)
- 53522 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)