Vulnerabilities

CVE-2012-4733

by Fred · 23/08/2013

Request Tracker (RT) 4.x before 4.0.13 does not properly enforce the DeleteTicket and "custom lifecycle transition" permission, which allows remote authenticated users with the ModifyTicket permission to delete tickets via unspecified vectors.

Date published : 2013-08-23

http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000227.html

http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html

Similar

Tags: Cybersecurity Alert